2.9.11
(2023-02-16)
Enhancements
(ENGDTR-3573) MSR now offers the option to disable coloring in the log output.
(ENGDTR-3558) Updated Go to version 1.19.4.
(ENGDTR-3649) Updated Synopsys scanner to version 2022-12-2.
Addressed issues
(FIELD-5447) Fixed an issue with the /api/v0/api_tokens endpoint wherein changing the value of the pageStart parameter did not change the page returned in the request output.
When upgrading from a previous MSR version, for the fix to go into effect you must run a particular command sequence using the RethinkDB CLI. Contact Mirantis support for the RethinkDB CLI instructions. Fresh installations do not require the manual CLI steps.
(ENGDTR-3421) Fixed an issue wherein the MSR web UI would break whenever a user tried to access the repository page for an organization from a repository list.
(FIELD-4211) MSR now issues a warning when installations or upgrades fail due to the disabling of MKE admin container scheduling.
Security information
CVE information, as detailed:
| CVE | Status | Problem details from upstream |
| | Resolved | SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. |
| | False positive | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. |