[ClusterLabs] Corosync 3.1.10 is available at corosync.org!

Jan Friesse jfriesse at redhat.com
Sat Nov 15 15:31:08 UTC 2025 

It's November 15th, which means we're celebrating the Day of Corosync!
There's no better way to honor this important day than with a fresh
new Corosync release.

I am pleased to announce that the latest maintenance release,
Corosync 3.1.10, is available immediately from the GitHub release
section at https://github.com/corosync/corosync/releases.

This release contains important bug fixes and improvements.
The most notable changes (in commit date order) are:

- Fixed CVE-2025-30472. It is worth noting Thomas Lamprecht's comment on
   this CVE:

   "Corosync either runs encrypted or in a trusted network,
   anything else, i.e. where this is actually a problem,
   is just gross negligence and leaks the whole cluster
   traffic already anyway."

   This should be set in stone, and every admin must keep this in mind
   when deploying a Corosync cluster.

- The configuration parser received a bunch of fixes, making it
   much more reliable and stable. Thanks to GitHub user vikk777
   for the very detailed reports and for testing the final patches.

- It is now possible to read the auto-configured mcast port from cmap
   using the key
   `runtime.config.totem.interface.<interface_number>.mcastport`.
   Thank you, Xin Liang, for this nice addition.

- The state directory can now be configured using the `STATE_DIRECTORY`
   environment   variable, which makes Image Mode support possible.
   Please note that the example spec file no longer ships
   `/var/lib/corosync` for systemd-enabled builds. The service file
   creates it automatically, but if you are using other methods to run
   corosync, you may need to create the directory beforehand. Non-systemd
   builds are unaffected.

- There were a bunch of changes to support OpenIndiana. This is a nice
   addition, as it also made the code a bit more portable.

- A new option (totem.ip_dscp) is available to configure DSCP for
   traffic prioritization. Thanks to David Hanisch for this great
   improvement.

- Kronosnet has deprecated the SCTP transport in its stable branch and
   completely removed SCTP support in its main branch. Corosync will now
   display a warning if SCTP is used with the Kronosnet stable branch, or
   disallow the use of SCTP entirely if the Kronosnet main branch is
   used.

Complete changelog for 3.1.10:

     Christine Caulfield (4):
           totemknet: Handle new knet2 datafd API
           SCTP in knet is deprecated
           Handle knet's removal of SCTP gracefully
           Unit tests for fd_get() calls

     David Hanisch (1):
           allow to use dscp for traffic prioritization

     Jan Friesse (57):
           spec: Use GitHub source URL
           totemsrp: Check size of orf_token msg
           coroparse: Check emptiness of key name
           coroparse: Mark path in parse_section as const
           coroparse: Remove unused code
           coroparse: Handle end of special sections
           coroparse: Store subsections of logger_subsys
           coroparse: Store subsections of logging_daemon
           coroparse: Don't allow sections within uidgid
           coroparse: Don't allow sections within member
           coroparse: Store key with prefix for nodelist.node
           coroparse: Fix memory leaks
           coroparse: Initialize logger_subsys_items_head
           coroparse: Remove kv_items from list
           coroparse: Implement handler for str_to_ull error
           man: Enhance description of mcastport
           exec: Add support for env STATE_DIRECTORY
           init: Use LogsDirectory in systemd unit file
           cpg: Fix signedness of munmap result
           logsys: Fix signedness of get_unblocked
           totempg: Fix signedness for result of mcast_msg
           cpg: Don't call cpg_deliver_fn if unset
           keygen: Enhance read random loop
           coverity: Suppress weak_crypto errors
           totemconfig: Suppress coverity no_effect error
           totemconfig: Suppress coverity unused_value errors
           totempg: Suppress coverity sleep error
           cpg: Add comment about potential resource leak
           coroparse: Suppress coverity toctou error
           logsys: Remove config mutex
           vsf_quorum: Include alloca header file
           cmap: Retype iovec iov_base
           pload: Retype iovec iov_base
           main: Retype iovec iov_base
           totempg: Retype iovec iov_base
           totemknet: Include ethernet.h only for nozzle
           totemknet: Handle trncated packets and msg_flags
           totemknet: Fix msg_msg_hdr typo
           cfg: Fix cfg_get_node_addrs incorrect retype
           testsam: Try to turn off coredump
           testsam: Make test work with votequorum
           testsam: Refactor test
           testsam: Add sam_finalize deadlock test
           sam: Refactor locking
           cmapctl: Check return code of cmap_set_uint32
           sam: Do not lock sam_register
           totemknet: Remove usage of struct ether_header
           configure: Remove unsupported -Wunsigned-char
           clang: Add missing void to function declarations
           totemknet: Rework truncated packet detection
           totemknet: Remove MSGHDR conditionals
           totemudpu: Rework truncated packet detection
           totemudpu: Fix weird indentation
           totemudpu: Remove MSGHDR conditionals
           totemudp: Rework truncated packet detection
           totemudp: Remove MSGHDR conditionals
           configure.ac: Remove MSGHDR fields detection

     Kefu Chai (1):
           rust: fix fd_get() pointer dereference

     vikk777 (1):
           Fix stack buffer overflow in remove_whitespace()

     xin liang (3):
           totemconfig: Store mcastport in icmap
           config: Cleanup dropped options
           man: Clarify processor scaling

Upgrade is highly recommended.

Thanks/congratulations to all people that contributed to achieve this
great milestone.

More information about the Users mailing list