This is a security and bugfix release. This is the new stable version of Heketi [0].

An information-disclosure flaw was found in the way Heketi logs sensitive information. This flaw allows an attacker with access to the Heketi server logs to read potentially sensitive information, such as the CHAP passwords for gluster-block volumes (CVE-2020-10763).

Administrators may want to check old logs for gluster-block passwords if they created block volumes with CHAP authentication enabled. Restrict access or remove old logs that retain the passwords.

Thanks to Prasanna Kumar Kalever of Red Hat for finding and fixing this issue.

# Changelog

* Fix CVE-2020-10763
* Fix an issue removing/replacing devices on unrecoverable failed nodes
* Add a flag to skip a gluster heal check when gluster can not report on heals (when a node has failed or unable to perform the required action).

[0] - https://github.com/heketi/heketi/releases/tag/v10.1.0

--
John M. on behalf of the Heketi team