[ClusterLabs] Pacemaker 2.0.2-rc1 now available
Ken Gaillot
kgaillot at redhat.com
Wed Apr 24 21:25:34 EDT 2019
Source code for the first release candidate for Pacemaker version 2.0.2
is now available at:
https://github.com/ClusterLabs/pacemaker/releases/tag/Pacemaker-2.0.2-rc1
This is primarily a security release, with stricter two-way
authentication of inter-process communication. The most significant
issue this fixes is a privilege escalation vulnerability allowing an
attacker with login access on a node to use an impostor pacemaker
subdaemon to gain root privileges if pacemaker is started after the
impostor.
Since this is a security release, I'm planning on a shorter cycle than
normal, maybe 4-6 weeks before final release. Basically rc1 will remain
unchanged unless we find regressions.
Besides security fixes, this release has some helpful bug fixes and a
few small features:
* crm_resource --validate can now be run using resource parameters from
the command line rather than the CIB, so configurations can be tested
before trying to add them
* crm_resource --clear now prints out any cleared constraints, so you
know when it did something
* A new HealthIOWait resource agent is available for tracking node
health based on CPU I/O wait
* A couple of experimental features discussed earlier on this list: a
new tool crm_rule can check for rule expiration, and stonith_admin now
supports XML output for easier machine parsing.
For more details about changes in this release, please see the change
log:
https://github.com/ClusterLabs/pacemaker/blob/2.0/ChangeLog
Everyone is encouraged to download, compile and test the new release.
We do many regression tests and simulations, but we can't cover all
possible use cases, so your feedback is important and appreciated.
Many thanks to all contributors of source code to this release,
including Chris Lumens, Gao,Yan, Jan Pokorný, Jehan-Guillaume de
Rorthais, Ken Gaillot, Klaus Wenninger, and Maciej Sobkowiak.
A 1.1.21-rc1 with selected backports from this release will also be
released soon.
--
Ken Gaillot <kgaillot at redhat.com>
More information about the Users
mailing list