Privilege escalation bug fix
This release includes a fix for a privilege escalation vulnerability in the IAM import API (#20756). All users are advised to upgrade their deployments to this release.
What's Changed
- Fix lint issues from v1.62.0 upgrade by @klauspost in #20633
- Harden internode DeadlineConn by @klauspost in #20631
- Make DeadlineConn http.Listener compatible by @klauspost in #20635
- heal/batch: Fix missing redirection to the first node by @vadmeste in #20642
- updating all dependencies as per regular cadence by @harshavardhana in #20646
- Fix 0 httpTimeout for logger webhook by @dhananjaykrutika in #20653
- Keep larger merge buffers for RPC by @klauspost in #20654
- Fixes api label casing and count value for +Inf bucket of prometheus MetricV2 histograms by @john-morales in #20656
- feat: bump github.com/cosnicolaou/pbzip2 from 1.0.3 to 1.0.5 by @orisano in #20671
- fix: Remove User should fail for a service account by @donatello in #20677
- refactor: replace experimental `maps` and `slices` with stdlib by @Juneezee in #20679
- Add the policy name to the audit logs tags when doing policy-based API calls. Add retention settings to tags by @marktheunissen in #20638
- Fix prefix validation in lifecycle rule by @dhananjaykrutika in #20684
- heal: Better reporting to mc with dangling/timeout errors by @vadmeste in #20690
- Add a test case for fix #20684 by @dhananjaykrutika in #20688
- prevent IAM cleanup errors by @ramondeklein in #20691
- Updated Console to v1.7.4 by @bexsoft in #20693
- Add 'X-Forwarded-For' to (s)FTP requests by @klauspost in #20709
- Set http server read/write timeout from --idle-timeout (#228) by @vadmeste in #20715
- heal: Single object heal to look for older versions as well (#203) by @vadmeste in #20723
- heal: Report bucket healing result correctly by @vadmeste in #20721
- Return error when attempting to create a policy with commas in name by @taran-p in #20724
- Disable mint full object tests by @klauspost in #20743
- Fixes for POST policy checks and the x-ignore implementation by @marktheunissen in #20674
- Adds AIstore documentation link by @ebozduman in #20738
- fix: groups lookup performance issue with users with lots of groups by @harshavardhana in #20740
- Upgrade Console version to v1.7.5 by @cesnietor in #20748
- fix: Privilege escalation in IAM import API by @donatello in #20756
- heal: Move CheckParts from single handler to streaming RPC by @vadmeste in #20755
- Bump golang.org/x/crypto from 0.23.0 to 0.31.0 in /docs/debugging/s3-verify by @dependabot in #20757
- fix: replace mutex with atomic by @arturmelanchyk in #20762
- fix: specify size in make by @arturmelanchyk in #20764
New Contributors
- @dhananjaykrutika made their first contribution in #20653
- @john-morales made their first contribution in #20656
- @orisano made their first contribution in #20671
- @arturmelanchyk made their first contribution in #20762
Full Changelog: RELEASE.2024-11-07T00-52-20Z...RELEASE.2024-12-13T22-19-12Z