2.8.6

(2021-04-12)

What’s new

  • Intermittent failures no longer occur during metadata garbage collection when using Google Cloud Storage as the back end (ENGDTR-2376).

  • All analytics reports for instances of MSR with a Mirantis-issued license key now include the license ID (even when the anonymize analytics setting is enabled). The license subject reads License ID in the web UI (ENGDTR-2327).

Bug fixes

  • Fixed an issue wherein the MSR web UI presented no more than 10 user organizations on the Users page (FIELD-3520).

  • Fixed an issue wherein the S3 back-end storage settings did not display in the web UI following an upgrade (FIELD-3395).

  • Fixed an issue with the MSR web UI wherein lengthy tag names overlapped with adjacent text in the repository tag list (FIELD-1631).

Security

  • MSR is not vulnerable to CVE-2019-15562, despite its detection in dtr-notary-signer and dtr-notary-server vulnerability scans, as the SQL back end is not used in Notary deployment (ENGDTR-2319).

  • Vulnerability scans of the dtr-jobrunner can give false positives for CVE-2020-29363, CVE-2020-29361, and CVE-2020-29362 in the p11-kit component. The container’s version of p11-kit is not vulnerable to these CVEs. (ENGDTR-2319).

  • Resolved CVE-2019-20907 (ENGDTR-2259).