Release notes for Gluster 4.0.2

This is a bugfix release. The release notes for 4.0.0, and 4.0.1 contain a listing of all the new features that were added and bugs fixed in the GlusterFS 4.0 release.

Major changes, features and limitations addressed in this release

This release contains a fix for a security vulerability in Gluster as follows, - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1088 - https://nvd.nist.gov/vuln/detail/CVE-2018-1088

Installing the updated packages and restarting gluster services, will update the Gluster shared storage volume volfiles, that are more secure than the defaults currently in place.

Further, for increased security, the Gluster shared storage volume can be TLS enabled, and access to the same restricted using the auth.ssl-allow option. See, this guide for more details.

Major issues

No Major issues

Bugs addressed

Bugs addressed since release-4.0.1 are listed below.

  • #1558959: [brick-mux] incorrect event-thread scaling in server_reconfigure()
  • #1559079: test ./tests/bugs/ec/bug-1236065.t is generating crash on build
  • #1559244: enable ownthread feature for glusterfs4_0_fop_prog
  • #1561721: Rebalance failures on a dispersed volume with lookup-optimize enabled
  • #1562728: SHD is not healing entries in halo replication
  • #1564461: gfapi: fix a couple of minor issues
  • #1565654: /var/log/glusterfs/bricks/export_vdb.log flooded with this error message "Not able to add to index [Too many links]"
  • #1566822: [Remove-brick] Many files were not migrated from the decommissioned bricks; commit results in data loss
  • #1569403: EIO errors on some operations when volume has mixed brick versions on a disperse volume
  • #1570432: CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled [fedora-all]