2.9.21

Release date: 2024-SEP-30

Enhancements

  • [ENGDTR-4289] Added a new --include-job-logs flag to the backup command, enabling users to include job logs in the backup.

  • [ENGDTR-4332] Updated Golang to 1.21.13.

Addressed issues

  • [FIELD-7122] Fixed an issue wherein the MSR web UI would crash whenever a tag had no layers to display. Now in such cases, the MSR web UI reports that layer details are not available for the particular image.

  • [FIELD-7180] Fixed an issue wherein dtr-registry with S3 storage could crash.

Security information

Resolved CVEs, as detailed:

CVE

Status

Problem details from upstream

CVE-2024-6345

Resolved

A vulnerability in the package_index module of pypa/setuptools versions up to 69.1.1 allows for remote code execution via its download functions. These functions, which are used to download packages from URLs provided by users or retrieved from package index servers, are susceptible to code injection. If these functions are exposed to user-controlled inputs, such as package URLs, they can execute arbitrary commands on the system. The issue is fixed in version 70.0.