2.8.6¶
(2021-04-12)
What’s new¶
Intermittent failures no longer occur during metadata garbage collection when using Google Cloud Storage as the back end (ENGDTR-2376).
All analytics reports for instances of MSR with a Mirantis-issued license key now include the license ID (even when the
anonymize analytics
setting is enabled). The license subject reads License ID in the web UI (ENGDTR-2327).
Bug fixes¶
Fixed an issue wherein the MSR web UI presented no more than 10 user organizations on the Users page (FIELD-3520).
Fixed an issue wherein the S3 back-end storage settings did not display in the web UI following an upgrade (FIELD-3395).
Fixed an issue with the MSR web UI wherein lengthy tag names overlapped with adjacent text in the repository tag list (FIELD-1631).
Security¶
MSR is not vulnerable to CVE-2019-15562, despite its detection in
dtr-notary-signer
anddtr-notary-server
vulnerability scans, as the SQL back end is not used in Notary deployment (ENGDTR-2319).Vulnerability scans of the
dtr-jobrunner
can give false positives for CVE-2020-29363, CVE-2020-29361, and CVE-2020-29362 in the p11-kit component. The container’s version of p11-kit is not vulnerable to these CVEs. (ENGDTR-2319).Resolved CVE-2019-20907 (ENGDTR-2259).