2.9.4

(2021-08-19)

Enhancements

• To help administrators troubleshoot authorization issues, MSR now includes the name and ID of the requesting user in log messages from the dtr-garant container when handling /auth/token API requests (FIELD-3509).

• MSR now includes support for the GET /v2/_catalog endpoint from the Docker Registry HTTP API V2. Authenticated MSR users can use this API to list all the repositories in the registry that they have permission to view (ENGDTR-2667).

• MSR now accepts only JWT licenses. To upgrade MSR, customers using a Docker Hub-issued license must first replace it with the new license version (ENGDTR-2631).

  To request a JWT license, contact support@mirantis.com.

• KubeLinter has been updated to version 0.2.2, which includes 11 additional rules, and new rule-mediation descriptions have been added to existing rules (ENGDTR-2624).

• The following MSR commands now include a --max-wait option:

  • emergency-repair

  • join

  • reconfigure

  • restore

  • upgrade

  With this new option you can set the maximum amount of time that MSR allows for operations to complete. The --max-wait option is especially useful when allocating additional startup time for very large MSR databases (FIELD-4070).

Addressed issues

• Fixed an issue wherein the webhook client timeout settings caused reconnections to wait too long (FIELD-4083).

• Fixed an issue with the MSR web UI wherein the enforcement policy page did not allow users to enable or disable enforcement policies within a repository (ENGDTR-2679).

• Fixed an issue wherein connecting to MSR with IPv6 failed after an MCR upgrade to version 20.10.0 or later (FIELD-4144).

Known issues

• MSR administrative actions such as backup, restore, and reconfigure can continuously fail with the invalid session token error shortly after entering phase 2. The error resembles the following example:

  FATA[0000] Failed to get new conv client: Docker version check failed: \
  Failed to get docker version: Error response from daemon: \
  {"message":"invalid session token"}
  

  Workaround:

  1. Before running any bootstrap command, source a client bundle in order to locate the existing dtr-phase2 container.

  2. Remove the existing dtr-phase2 container.

  Refer to MSR Bootstrap Commands (Restore, Backup, Reconfigure) Fail with “invalid session token” in the Mirantis knowledge base for more information.

  FIELD-4270

Security information

• Resolved the following Django vulnerabilities: CVE-2021-35042, CVE-2021-33571, and CVE-2021-33203 (ENGDTR-2707).

• Resolved the following curl vulnerabilities: CVE-2021-22901, CVE-2021-22897, and CVE-2021-22898 (ENGDTR-2708).

Deprecation notes

• In correlation with the End of Life date for MKE 3.2.x and MSR 2.7.x, Mirantis stopped maintaining the associated documentation set on 2021-07-21.