Highlights
- Information Disclosure in Cluster Deployment
- Privilege Escalation on Linux/MacOS
- Privilege Escalation on Windows via Path separator manipulation
What's Changed
- Update audit log flow to use new headers with unit by @nitisht in #16797
- restore rotating root credentials properly by @harshavardhana in #16812
- remove unnecessary logs from WalkDir(), PutObject() by @harshavardhana in #16818
- update go dependencies by @harshavardhana in #16798
- fix: return appropriate Location header for MakeBucket() by @harshavardhana in #16820
- debug: new tool to reorder local erasure disks by @vadmeste in #16816
- support decommissioning of tiered objects by @poornas in #16751
- Add enable flag for LDAP IDP config by @donatello in #16805
- simplify error responses for KMS by @harshavardhana in #16793
- Added query parameter `src` to diag upload if callhome enabled by @shtripat in #16837
- reduce 250ms to 50ms retry looking for metacache block by @harshavardhana in #16795
- Save bootstrap trace events in a circular buffer by @krisis in #16823
- Add support for batch job cancellation by @poornas in #16843
- fix: post policy request security bypass by @donatello in #16849
- fix: convert '\' to '/' on windows by @harshavardhana in #16852
- Add test for fixed post policy exploit by @donatello in #16855
- allow bootstrapping to validate internode tokens by @harshavardhana in #16853
- add crash protection from backend modifications by @harshavardhana in #16846
- reject object names with '\' on windows by @harshavardhana in #16856
- Use the official pub key to always verify binary by @donatello in #16857
Full Changelog: RELEASE.2023-03-13T19-46-17Z...RELEASE.2023-03-20T20-16-18Z