2.9.4¶
(2021-08-19)
Enhancements¶
To help administrators troubleshoot authorization issues, MSR now includes the name and ID of the requesting user in log messages from the
dtr-garant
container when handling/auth/token
API requests (FIELD-3509).MSR now includes support for the
GET /v2/_catalog
endpoint from the Docker Registry HTTP API V2. Authenticated MSR users can use this API to list all the repositories in the registry that they have permission to view (ENGDTR-2667).MSR now accepts only JWT licenses. To upgrade MSR, customers using a Docker Hub-issued license must first replace it with the new license version (ENGDTR-2631).
To request a JWT license, contact support@mirantis.com.
KubeLinter has been updated to version 0.2.2, which includes 11 additional rules, and new rule-mediation descriptions have been added to existing rules (ENGDTR-2624).
The following MSR commands now include a
--max-wait
option:emergency-repair
join
reconfigure
restore
upgrade
With this new option you can set the maximum amount of time that MSR allows for operations to complete. The
--max-wait
option is especially useful when allocating additional startup time for very large MSR databases (FIELD-4070).
Addressed issues¶
Fixed an issue wherein the webhook client timeout settings caused reconnections to wait too long (FIELD-4083).
Fixed an issue with the MSR web UI wherein the enforcement policy page did not allow users to enable or disable enforcement policies within a repository (ENGDTR-2679).
Fixed an issue wherein connecting to MSR with IPv6 failed after an MCR upgrade to version 20.10.0 or later (FIELD-4144).
Known issues¶
MSR administrative actions such as backup, restore, and reconfigure can continuously fail with the
invalid session token
error shortly after entering phase 2. The error resembles the following example:FATA[0000] Failed to get new conv client: Docker version check failed: \ Failed to get docker version: Error response from daemon: \ {"message":"invalid session token"}
Workaround:
Before running any bootstrap command, source a client bundle in order to locate the existing
dtr-phase2
container.Remove the existing
dtr-phase2
container.
Refer to MSR Bootstrap Commands (Restore, Backup, Reconfigure) Fail with “invalid session token” in the Mirantis knowledge base for more information.
FIELD-4270
Security information¶
Resolved the following Django vulnerabilities: CVE-2021-35042, CVE-2021-33571, and CVE-2021-33203 (ENGDTR-2707).
Resolved the following curl vulnerabilities: CVE-2021-22901, CVE-2021-22897, and CVE-2021-22898 (ENGDTR-2708).
Deprecation notes¶
In correlation with the End of Life date for MKE 3.2.x and MSR 2.7.x, Mirantis stopped maintaining the associated documentation set on 2021-07-21.