diff options
| author | Sage Weil <sage@inktank.com> | 2014-04-04 21:59:41 +0200 |
|---|---|---|
| committer | Sage Weil <sage@inktank.com> | 2014-04-04 21:59:41 +0200 |
| commit | 4aef403dbc2ba3dd572d13c43b5192f04941dc07 (patch) | |
| tree | 12b9e94dd7b14b4889ed7d16ec25d6753cf2dbc0 | |
| parent | mon: MonCommands.h: have 'auth' read-only operations require 'x' cap (diff) | |
| download | ceph-4aef403dbc2ba3dd572d13c43b5192f04941dc07.tar.xz ceph-4aef403dbc2ba3dd572d13c43b5192f04941dc07.zip | |
doc/release-notes: note about emperor backport of mon auth fix
Signed-off-by: Sage Weil <sage@inktank.com>
| -rw-r--r-- | doc/release-notes.rst | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/doc/release-notes.rst b/doc/release-notes.rst index ccf0998d9bc..a589c1f498d 100644 --- a/doc/release-notes.rst +++ b/doc/release-notes.rst @@ -1018,6 +1018,24 @@ Notable Changes * rgw: support for password (instead of admin token) for keystone authentication (Christophe Courtaut) * sysvinit, upstart: prevent both init systems from starting the same daemons (Josh Durgin) +v0.72.3 Emperor (pending release) +================================= + +Upgrading +--------- + +* Monitor 'auth' read-only commands now expect the user to have 'rx' caps. + This is the same behavior that was present in dumpling, but in emperor + and more recent development releases the 'r' cap was sufficient. Note that + this backported security fix will break mon keys that are using the following + commands but do not have the 'x' bit in the mon capability:: + + ceph auth export + ceph auth get + ceph auth get-key + ceph auth print-key + ceph auth list + v0.72.2 Emperor =============== |