1.0.1¶
Release date: 2023-MAY-16
Enhancements¶
[ENGDTR-3102] MMT now collects migration data, which Mirantis will use to identify ways to improve the product and facilitate its use.
Learn more
Addressed issues¶
[ENGDTR-3517] Fixed an issue wherein the restore command did not continue from its stopping point when it was terminated prior to completion.
[ENGDTR-3385] When run again following an interruption, the extract command now logs the number of blobs that it previously copied.
To improve MMT CLI help text readability, commands are now grouped into types.
Security¶
The critical and high severity CVEs addressed in this MMT release are detailed in the following table:
CVE
Status
Problem details from upstream
Resolved
Authorization Bypass Through User-Controlled Key in GitHub repository
emicklei/go-restful
prior tov3.8.0
.Resolved
Due to unsanitized
NUL
values, attackers may be able to maliciously set environment variables on Windows. Insyscall.StartProcess
andos/exec.Cmd
, invalid environment variable values containingNUL
values are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string"A=B\x00C=D"
sets the variables"A=B"
and"C=D"
.