13.2.4 Mimic released

TheAnalyst

This is the fourth bugfix release of the Mimic v13.2.x long term stable release series. This release includes two security fixes atop of v13.2.3. We recommend that all mimic users upgrade. If you've already upgraded to v13.2.3, the same restrictions from v13.2.2 to v13.2.3 apply here as well.

Notable Changes

  • CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (issue#35994)

    • A new param rgw max listing results controls the upper bound max-keys on Bucket listing operations (ListBucket, ListBucketVersions, ListBucketMultipartUploads(max-uploads), ListMultipartUploadParts(max-parts)

  • CVE-2018-14662: mon: limit caps allowed to access the config store

Notable Changes in v13.2.3 Mimic

  • The default memory utilization for the mons has been increased somewhat. Rocksdb now uses 512 MB of RAM by default, which should be sufficient for small to medium-sized clusters; large clusters should tune this up. Also, the mon_osd_cache_size has been increase from 10 OSDMaps to 500, which will translate to an additional 500 MB to 1 GB of RAM for large clusters, and much less for small clusters.
  • Ceph v13.2.2 includes a wrong backport, which may cause mds to go into ‘damaged’ state when upgrading Ceph cluster from previous version. The bug is fixed in v13.2.3. If you are already running v13.2.2, upgrading to v13.2.3 does not require special action.
  • The bluestore_cache_* options are no longer needed. They are replaced by osd_memory_target, defaulting to 4GB. BlueStore will expand and contract its cache to attempt to stay within this limit. Users upgrading should note this is a higher default than the previous bluestore_cache_size of 1GB, so OSDs using BlueStore will use more memory by default. For more details, see the BlueStore docs.
  • This version contains an upgrade bug, http://tracker.ceph.com/issues/36686, due to which upgrading during recovery/backfill can cause OSDs to fail. This bug can be worked around, either by restarting all the OSDs after the upgrade, or by upgrading when all PGs are in “active+clean” state. If you have already successfully upgraded to 13.2.2, this issue should not impact you. Going forward, we are working on a clean upgrade path for this feature.

Changelog

  • CVE-2018-16846: rgw: enforce bounds on max-keys/max-uploads/max-parts (issue#35994)
  • CVE-2018-14662: mon: limit caps allowed to access the config store

For the rest of the changes in v13.2.3 please refer to the v13.2.3 release blog entry