2.9.24¶
Release date: 2025-MAR-10
Addressed issues:¶
The list of the addressed issues in MSR 2.9.24 includes:
[FIELD-5457] Fixed an issue in the MSR web UI wherein changing the contents of Full name in admin > Profile > Settings caused the screen to go blank.
[FIELD-6433] Fixed an issue wherein the search function in the User page of the MSR web UI incorrectly returned organizations and repositories information in addition to user information.
[FIELD-7005] Fixed an issue wherein the MSR web UI failed to clearly identify a successful user password change by an administrator. Now, the Save button is disabled until a valid password is entered into the New password field, and a popup presents to indicate that the operation was a success.
[FIELD-7476] Fixed an issue wherein repositories with an immutable tag were not skipped during pruning operations, which caused pruning jobs to fail.
[FIELD-7480] Fixed an issue that could cause a reconfiguration failure for MSR with a large RethinkDB size.
[FIELD-7499] Fixed an issue wherein the MSR web UI failed to provide proper error feedback whenever attempts were made to create pruning policies for repositories with immutable tags.
Major component versions¶
The following table provides the versioning information for the major middleware components that comprise the MSR 2.9 patch release.
Security information¶
Updated the following middleware component versions to resolve vulnerabilities in MSR:
[ENGDTR-4360] Golang 1.23.6
[ENGDTR-4366] go-restful v3.11.2
[ENGDTR-4382]
Alpine Linux 3.18.12
PostgreSQL 13.20
Resolved CVEs, as detailed:
CVE |
Status |
Problem details from upstream |
|---|---|---|
Resolved |
usl libc 0.9.13 through 1.2.5 before 1.2.6 has an out-of-bounds write vulnerability when an attacker can trigger iconv conversion of untrusted EUC-KR text to UTF-8. |