Authors/ChangeLog for 2.30.1
Change-Id: I4786371314daa3f37e33f97defed43d1cec887ba
This commit is contained in:
parent
041cb672e8
commit
fbec7694e5
1
.mailmap
1
.mailmap
|
@ -134,3 +134,4 @@ Gilles Biannic <gilles.biannic@corp.ovh.com> gillesbiannic
|
|||
melissaml <ma.lei@99cloud.net> <malei@maleideMacBook-Pro.local>
|
||||
Ashwin Nair <nairashwin952013@gmail.com> indianwhocodes
|
||||
Romain de Joux <romain.de-joux@ovhcloud.com> <romain.de-joux@corp.ovh.com>
|
||||
Takashi Natsume <takanattie@gmail.com> <natsume.takashi@lab.ntt.co.jp>
|
||||
|
|
3
AUTHORS
3
AUTHORS
|
@ -40,6 +40,7 @@ Aaron Rosen (arosen@nicira.com)
|
|||
Ade Lee (alee@redhat.com)
|
||||
Adrian Smith (adrian_f_smith@dell.com)
|
||||
Adrien Pensart (adrien.pensart@corp.ovh.com)
|
||||
afariasa (afariasa@redhat.com)
|
||||
Akihiro Motoki (amotoki@gmail.com)
|
||||
Akihito Takai (takaiak@nttdata.co.jp)
|
||||
Alex Gaynor (alex.gaynor@gmail.com)
|
||||
|
@ -399,7 +400,7 @@ Steve Martinelli (stevemar@ca.ibm.com)
|
|||
Steven Lang (Steven.Lang@hgst.com)
|
||||
Sushil Kumar (sushil.kumar2@globallogic.com)
|
||||
Takashi Kajinami (tkajinam@redhat.com)
|
||||
Takashi Natsume (natsume.takashi@lab.ntt.co.jp)
|
||||
Takashi Natsume (takanattie@gmail.com)
|
||||
TheSriram (sriram@klusterkloud.com)
|
||||
Thiago da Silva (thiagodasilva@gmail.com)
|
||||
Thibault Person (thibault.person@ovhcloud.com)
|
||||
|
|
13
CHANGELOG
13
CHANGELOG
|
@ -1,4 +1,15 @@
|
|||
swift (2.30.0)
|
||||
swift (2.30.1, zed stable backports)
|
||||
|
||||
* Fixed a security issue in how `s3api` handles XML parsing that allowed
|
||||
authenticated S3 clients to read arbitrary files from proxy servers.
|
||||
Refer to CVE-2022-47950 for more information.
|
||||
|
||||
* Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
|
||||
and 3.10.6 that could cause some `domain_remap` requests to be routed to
|
||||
the wrong object.
|
||||
|
||||
|
||||
swift (2.30.0, OpenStack Zed)
|
||||
|
||||
* Sharding improvements
|
||||
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
---
|
||||
security:
|
||||
- |
|
||||
Fixed a security issue in how ``s3api`` handles XML parsing that allowed
|
||||
authenticated S3 clients to read arbitrary files from proxy servers.
|
||||
Refer to `CVE-2022-47950 <https://cve.circl.lu/cve/CVE-2022-47950>`__
|
||||
for more information.
|
||||
|
||||
fixes:
|
||||
- |
|
||||
Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
|
||||
and 3.10.6 that could cause some ``domain_remap`` requests to be routed to
|
||||
the wrong object.
|
Loading…
Reference in New Issue