1.0.1

Release date: 2023-MAY-16

Enhancements

[ENGDTR-3102] MMT now collects migration data, which Mirantis will use to identify ways to improve the product and facilitate its use.

Learn more

Telemetry

Addressed issues

  • [ENGDTR-3517] Fixed an issue wherein the restore command did not continue from its stopping point when it was terminated prior to completion.

  • [ENGDTR-3385] When run again following an interruption, the extract command now logs the number of blobs that it previously copied.

  • To improve MMT CLI help text readability, commands are now grouped into types.

Security

  • The critical and high severity CVEs addressed in this MMT release are detailed in the following table:

    CVE

    Status

    Problem details from upstream

    CVE-2022-1996

    Resolved

    Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

    CVE-2022-41716

    Resolved

    Due to unsanitized NUL values, attackers may be able to maliciously set environment variables on Windows. In syscall.StartProcess and os/exec.Cmd, invalid environment variable values containing NUL values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string "A=B\x00C=D" sets the variables "A=B" and "C=D".