[SRU] ceph 15.2.12
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Ubuntu Cloud Archive | Invalid | Undecided | Unassigned |
Ussuri | Fix Released | High | Unassigned |
ceph (Ubuntu) | Invalid | Undecided | Unassigned |
Focal | Fix Released | High | Steve Beattie |
Groovy | Fix Released | High | Steve Beattie |

Bug Description
[Impact]
This release fixes several bugs. We would like to make sure all of our users have access to these improvements.
The update contains the following package updates:
* ceph 15.2.12
[Test Case]
The following SRU process was followed:
https:/
In order to avoid regression of existing users, the OpenStack team will run their continuous integration test against the packages that are in -proposed. A successful run of all available tests will be required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary of the executed tests. The OpenStack team members will not mark ‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the aforementioned tests are attached to this bug.
[Upstream release announcement]
V15.2.12 OCTOPUS
This is a hotfix release addressing a number of security issues and regressions. We recommend all users update to this release.
CHANGELOG
* mgr/dashboard: fix base-href: revert it to previous approach (issue#50684, Avan Thakkar)
* mgr/dashboard: fix cookie injection issue (CVE-2021-3509: Dashboard XSS via token cookie, Ernesto Puerta)
* rgw: RGWSwiftWebsite
* rgw: sanitize \r in s3 CORSConfiguration’s ExposeHeader (CVE-2021-3524: HTTP header injects via CORS in RGW, Sergey Bobrov, Casey Bodley)
Changed in ceph (Ubuntu Focal): status: New → Triaged
Changed in ceph (Ubuntu Groovy): status: New → Triaged
Changed in ceph (Ubuntu): status: New → Invalid
Changed in ceph (Ubuntu Groovy): importance: Undecided → High
Changed in ceph (Ubuntu Focal): importance: Undecided → High
description: updated
description: updated
description: updated
Changed in cloud-archive: status: New → Invalid
Changed in ceph (Ubuntu Focal): assignee: nobody → Steve Beattie (sbeattie)
Changed in ceph (Ubuntu Groovy): assignee: nobody → Steve Beattie (sbeattie)
Hey James! Since this feels like a security update, should we aim for getting it released into -security as well? In that case we'd have to inform the ubuntu-security team, build the packages in a security-enabled PPA and only then binary-copy the packages into -proposed.