2.9.11

(2023-02-16)

Enhancements

  • (ENGDTR-3573) MSR now offers the option to disable coloring in the log output.

  • (ENGDTR-3558) Updated Go to version 1.19.4.

  • (ENGDTR-3649) Updated Synopsys scanner to version 2022-12-2.

Addressed issues

  • (FIELD-5447) Fixed an issue with the /api/v0/api_tokens endpoint wherein changing the value of the pageStart parameter did not change the page returned in the request output.

    When upgrading from a previous MSR version, you must run a particular command sequence using the RethinkDB CLI for the fix to take effect. Contact Mirantis support for the RethinkDB CLI instructions. Fresh installations do not require the manual CLI steps.

  • (ENGDTR-3421) Fixed an issue wherein the MSR web UI would break whenever a user tried to access the repository page for an organization from a repository list.

  • (FIELD-4211) MSR now issues a warning when installations or upgrades fail due to the disabling of MKE admin container scheduling.

Security information

  • CVE information, as detailed:

    | CVE | Status | Problem details from upstream |
    |---|---|---|
    | CVE-2022-46908 | Resolved | SQLite through 3.40.0, when relying on --safe for execution of an untrusted CLI script, does not properly implement the azProhibitedFunctions protection mechanism, and instead allows UDF functions such as WRITEFILE. |
    | CVE-2017-9225 | False positive | An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds write in onigenc_unicode_get_case_fold_codes_by_str() occurs during regular expression compilation. Code point 0xFFFFFFFF is not properly handled in unicode_unfold_key(). A malformed regular expression could result in 4 bytes being written off the end of a stack buffer of expand_case_fold_string() during the call to onigenc_unicode_get_case_fold_codes_by_str(), a typical stack buffer overflow. |