Release notes for Gluster 4.1.6

This is a bugfix release. The release notes for 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4 and 4.1.5 contains a listing of all the new features that were added and bugs fixed in the GlusterFS 4.1 stable release.

NOTE: Next minor release tentative date: Week of 20th January, 2019

Major changes, features and limitations addressed in this release

This release contains fixes for several security vulnerabilities in Gluster as follows, - https://nvd.nist.gov/vuln/detail/CVE-2018-14651 - https://nvd.nist.gov/vuln/detail/CVE-2018-14652 - https://nvd.nist.gov/vuln/detail/CVE-2018-14653 - https://nvd.nist.gov/vuln/detail/CVE-2018-14654 - https://nvd.nist.gov/vuln/detail/CVE-2018-14659 - https://nvd.nist.gov/vuln/detail/CVE-2018-14660 - https://nvd.nist.gov/vuln/detail/CVE-2018-14661

Major issues

None

Bugs addressed

Bugs addressed since release-4.1.5 are listed below.

  • #1632013: georep: hard-coded paths in gsyncd.conf.in
  • #1633479: 'df' shows half as much space on volume after upgrade to RHGS 3.4
  • #1633634: split-brain observed on parent dir
  • #1635979: Writes taking very long time leading to system hogging
  • #1635980: Low Random write IOPS in VM workloads
  • #1636218: [SNAPSHOT]: with brick multiplexing, snapshot restore will make glusterd send wrong volfile
  • #1637953: data-self-heal in arbiter volume results in stale locks.
  • #1641761: Spurious failures in bug-1637802-arbiter-stale-data-heal-lock.t
  • #1643052: Seeing defunt translator and discrepancy in volume info when issued from node which doesn't host bricks in that volume
  • #1643075: tests/bugs/glusterd/optimized-basic-testcases-in-cluster.t failing
  • #1643929: geo-rep: gluster-mountbroker status crashes
  • #1644163: geo-rep: geo-replication gets stuck after file rename and gfid conflict
  • #1644474: afr/lease: Read child nodes from lease structure
  • #1644516: geo-rep: gluster-mountbroker status crashes
  • #1644518: [Geo-Replication] Geo-rep faulty sesion because of the directories are not synced to slave.
  • #1644524: Excessive logging in posix_update_utime_in_mdata
  • #1645363: CVE-2018-14652 glusterfs: Buffer overflow in "features/locks" translator allows for denial of service [fedora-all]
  • #1646200: CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files [fedora-all]
  • #1646806: [Geo-rep]: Faulty geo-rep sessions due to link ownership on slave volume
  • #1647667: CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all]
  • #1647668: CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service [fedora-all]
  • #1647669: CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]
  • #1647670: CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all]
  • #1647972: CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]
  • #1648367: crash seen while running regression, intermittently.
  • #1648938: gfapi: fix bad dict setting of lease-id
  • #1648982: packaging: don't include bd.so in rpm when --without bd