From 12cfc64e4c02cd378bdfd62a31d71401df8088c4 Mon Sep 17 00:00:00 2001 From: Joao Fernandes Date: Thu, 20 Jul 2017 14:13:02 -0700 Subject: [PATCH] Release UCP 2.1.6/2.0.4, DTR 2.2.7, 2.1.7 (#3935) --- _config.yml | 4 +- _data/ddc_offline_files.yaml | 8 +++ datacenter/dtr/2.1/guides/release-notes.md | 12 +++++ .../dtr/2.2/guides/release-notes/index.md | 13 +++++ datacenter/ucp/2.0/guides/release-notes.md | 12 +++++ .../ucp/2.1/guides/release-notes/index.md | 54 +++++++++++++++++++ 6 files changed, 101 insertions(+), 2 deletions(-) diff --git a/_config.yml b/_config.yml index 5121d3b4e4..c2d45549de 100644 --- a/_config.yml +++ b/_config.yml @@ -95,7 +95,7 @@ defaults: scope: path: "datacenter" values: - ucp_latest_image: "docker/ucp:2.1.4" + ucp_latest_image: "docker/ucp:2.1.5" dtr_latest_image: "docker/dtr:2.2.6" - scope: @@ -124,7 +124,7 @@ defaults: values: ucp_version: "2.1" dtr_version: "2.2" - docker_image: "docker/ucp:2.1.4" + docker_image: "docker/ucp:2.1.5" - scope: path: "datacenter/ucp/2.0" diff --git a/_data/ddc_offline_files.yaml b/_data/ddc_offline_files.yaml index 95f31234f0..c39f050368 100644 --- a/_data/ddc_offline_files.yaml +++ b/_data/ddc_offline_files.yaml @@ -6,6 +6,8 @@ - ucp-version: "2.1" tar-files: + - description: "UCP 2.1.5" + url: https://packages.docker.com/caas/ucp_images_2.1.5.tar.gz - description: "UCP 2.1.4" url: https://packages.docker.com/caas/ucp_images_2.1.4.tar.gz - description: "UCP 2.1.3" @@ -16,6 +18,8 @@ url: https://packages.docker.com/caas/ucp_images_2.1.1.tar.gz - description: "UCP 2.1.0" url: https://packages.docker.com/caas/ucp_images_2.1.0.tar.gz + - description: "DTR 2.2.7" + url: https://packages.docker.com/caas/dtr-2.2.7.tar.gz - description: "DTR 2.2.6" url: https://packages.docker.com/caas/dtr-2.2.6.tar.gz - description: "DTR 2.2.5" @@ -32,10 +36,14 @@ url: https://packages.docker.com/caas/dtr-2.2.0.tar.gz - ucp-version: "2.0" tar-files: + - description: "UCP 2.0.4" + url: https://packages.docker.com/caas/ucp_images_2.0.4.tar.gz - description: "UCP 2.0.3" url: https://packages.docker.com/caas/ucp_images_2.0.3.tar.gz - description: "UCP 2.0.2" url: https://packages.docker.com/caas/ucp_images_2.0.2.tar.gz + - description: "DTR 2.1.7" + url: https://packages.docker.com/caas/dtr-2.1.7.tar.gz - description: "DTR 2.1.6" url: https://packages.docker.com/caas/dtr-2.1.6.tar.gz - description: "DTR 2.1.5" diff --git a/datacenter/dtr/2.1/guides/release-notes.md b/datacenter/dtr/2.1/guides/release-notes.md index a1c907176e..6ab847fbcc 100644 --- a/datacenter/dtr/2.1/guides/release-notes.md +++ b/datacenter/dtr/2.1/guides/release-notes.md @@ -13,6 +13,18 @@ known issues for each DTR version. You can then use [the upgrade instructions](install/upgrade.md), to upgrade your installation to the latest release. +## DTR 2.1.7 + +(17 July 2017) + +**Bugs fixed** + +* Fixed registry DoS vulnerability. CVE-2017-11468. Severity: high +* Fixed small memory leak when handling batch jobs. Severity: small + +**General improvements** +* Added registry pprof endpoint if pprof is enabled. + ## DTR 2.1.6 (13 April 2017) diff --git a/datacenter/dtr/2.2/guides/release-notes/index.md b/datacenter/dtr/2.2/guides/release-notes/index.md index 3f10d8fee4..bcd3aeef91 100644 --- a/datacenter/dtr/2.2/guides/release-notes/index.md +++ b/datacenter/dtr/2.2/guides/release-notes/index.md @@ -12,6 +12,19 @@ known issues for each DTR version. You can then use [the upgrade instructions](../admin/upgrade.md), to upgrade your installation to the latest release. +## DTR 2.2.7 + +(17 July 2017) + +**Bugs fixed** + +* Fixed registry DoS vulnerability. CVE-2017-11468. Severity: high +* Fix issue with `docker/dtr` operations in UCP clusters with failed nodes. +This prevented DTR from being installed or reconfigured. Severity: medium +* Silenced incorrect error log in registry container. Severity: low +* Remove unused permissions dropdown on teams pages. Severity: low + + ## DTR 2.2.6 (3 July 2017) diff --git a/datacenter/ucp/2.0/guides/release-notes.md b/datacenter/ucp/2.0/guides/release-notes.md index 63598321b8..21ea277750 100644 --- a/datacenter/ucp/2.0/guides/release-notes.md +++ b/datacenter/ucp/2.0/guides/release-notes.md @@ -12,6 +12,18 @@ known issues for the latest UCP version. You can then use [the upgrade instructions](installation/upgrade.md), to upgrade your installation to the latest release. +## Version 2.0.4 + +(17 July 2017) + +**Security Update** + +* Remediated a privilege escalation where an authenticated user could obtain +admin-level privileges + +This issue affects UCP versions 2.0.0-2.0.3 and 2.1.0-2.1.4. The were discovered +by our development team during internal testing. + ## Version 2.0.3 (8 Feb 2017) diff --git a/datacenter/ucp/2.1/guides/release-notes/index.md b/datacenter/ucp/2.1/guides/release-notes/index.md index 7007011f51..e43958b8e2 100644 --- a/datacenter/ucp/2.1/guides/release-notes/index.md +++ b/datacenter/ucp/2.1/guides/release-notes/index.md @@ -12,6 +12,60 @@ known issues for the latest UCP version. You can then use [the upgrade instructions](../admin/upgrade.md), to upgrade your installation to the latest release. +## Version 2.1.5 + +(20 July 2017) + +**Security Update** + +* Remediated a privilege escalation where an authenticated user could obtain +admin-level privileges + +This issue affects UCP versions 2.0.0-2.0.3 and 2.1.0-2.1.4. It was discovered +by our development team during internal testing + +**Bug Fixes** + +* Core + * Fixed an issue where clients misusing the events API (e.g. slowly reading + or failing to read events) leads to unresponsive behavior from the cluster + * Fixed an issue where app services pulling DTR private images using + integrated single-sign-on would fail due to token expiration + * UCP resource metrics now correctly display CPU utilization on newer Linux + kernels + * Fixed an issue where UCP incorrectly reported 100% memory usage on a node + due to the usage of memory constraints on containers + * Network and volume label filters now work correctly on UCP (for example + when using `docker volume ls --filter label="foo"="bar")` + * UCP can now be installed correctly when SELinux enforcement mode is + enabled (e.g. `--selinux-enabled`) + * Fixed an issue where rejoining (or demoting and promoting) a manager node + caused `ucp-kv` to become unhealthy due to a stale KV cache + * UCP now exposes a Registry field in `docker info` output, so that + deploying with registry credentials (e.g. `docker stack deploy --with-registry-auth` + now works correctly + * UCP now reports percentage progress while pulling images + * `docker images -f dangling=true` now correctly lists untagged `` + images instead of listing all images + * Added a network diagnostic tool to `ucp-dsinfo` image to aid in troubleshooting + issues related to overlay networks + * Added additional diagnostic information about `docker stacks` to support dumps + for troubleshooting purposes + * UCP now provides a more informative warning banner and clearer logs when + `ucp-auth-store` is unhealthy + * Reduced the default cache size for `ucp-auth-store` to free up memory on the UCP manager. + This cache can be adjusted via the `RethinkDBCacheSize` parameter in the UCP Config API + * Various performance improvements made to `ucp-auth-store` to reduce overhead when the API + is being repeatedly accessed in a short period of time + * Fixed an issue where one `ucp-auth-store` instances would fail to join the HA + cluster if started in the wrong order + * Fixed an issue where a UCP manager might get stuck in a restart loop due to + being unable to correctly access the root CA + * Fixed an issue where users with view-only permissions received an access denied + error when attempting to deploy stacks via the Compose UI, despite having been granted + label access to do so + + ## Version 2.1.4 (4 May 2017)