[ENGDTR-3102] MMT now collects migration data, which Mirantis will use to identify ways to improve the product and facilitate its use.
[ENGDTR-3517] Fixed an issue wherein the restore command did not continue from its stopping point when it was terminated prior to completion.
[ENGDTR-3385] When run again following an interruption, the extract command now logs the number of blobs that it previously copied.
To improve MMT CLI help text readability, commands are now grouped into types.
The critical and high severity CVEs addressed in this MMT release are detailed in the following table:
Problem details from upstream
Authorization Bypass Through User-Controlled Key in GitHub repository
Due to unsanitized
NULvalues, attackers may be able to maliciously set environment variables on Windows. In
os/exec.Cmd, invalid environment variable values containing
NULvalues are not properly checked for. A malicious environment variable value can exploit this behavior to set a value for a different environment variable. For example, the environment variable string
"A=B\x00C=D"sets the variables