2.8.10
(2021-11-09)
What’s new
Added new sub-command rotate-certificates to the rethinkops binary that exists inside of the dtr-rethinkdb image. This command allows you to rotate the certificates that provide intracluster communication between the MSR system containers and RethinkDB.

To rotate certificates, docker exec into the dtr-rethinkdb container and use the command below (you can provide the --debug flag for more information):

    REPLICA_ID=$(docker ps -lf name='^/dtr-rethinkdb-.{12}$' --format '{{.Names}}' | cut -d- -f3)
    $ docker exec -e DTR_REPLICA_ID=$REPLICA_ID -it $(docker ps -q --filter name=dtr-rethinkdb)
    # rethinkops rotate-certificates --replica-id $DTR_REPLICA_ID --debug

(FIELD-4044)
Bug fixes
Fixed an issue wherein the webhook could fail to trigger, thus issuing the “argument list too long” error (FIELD-3424).
Fixed an issue wherein the MSR image scan CSV report was missing the CVSS3 score and only had the CVSS2 score (FIELD-3946).
Fixed issues wherein the list of org repositories was limited to ten and was wrapping incorrectly (FIELD-3987).
Fixed an issue with the MSR web UI wherein performing a search from the left-side navigation panel produced search results that displayed on top of the background text (FIELD-4268).
Made improvements to MSR administrative actions to circumvent failures that can result from stale containers (FIELD-4270) (FIELD-4291).
Fixed an image signing regression issue that applies to MSR 2.8.9 (FIELD-4320).
Security
Resolved the following OpenSSL vulnerabilities: CVE-2021-3711 and CVE-2021-3712 (FIELD-4387).
Resolved the following libxml2 vulnerability: CVE-2021-3541 (FIELD-4394).
Resolved the following urllib3 vulnerabilities: CVE-2021-33503 and CVE-2021-28363 (FIELD-4399).
Resolved the following curl vulnerabilities: CVE-2021-22945, CVE-2021-22946, CVE-2021-22926, CVE-2021-22922, CVE-2021-22947, CVE-2021-22925, and CVE-2021-22923 (FIELD-4401).
Known issue
The image signing functionality in MSR 2.8.9 is incompatible with other MSR versions.
Workaround:
For images signed by MSR 2.8.9 it is necessary to delete trust data and re-sign the images using MSR 2.8.10 (FIELD-4320).