From: Peter Amstutz Date: Wed, 21 Sep 2022 21:09:02 +0000 (-0400) Subject: Add upgrade notes for 2.4.3 X-Git-Tag: 2.4.3^0 X-Git-Url: https://git.arvados.org/arvados.git/commitdiff_plain/1adc1e6b8ae357992d39c6b6bc1bc16192a94d9c?hp=278076e84c7ea6d99f8ca4020688d52d7518ceee Add upgrade notes for 2.4.3 refs #19532 Arvados-DCO-1.1-Signed-off-by: Peter Amstutz --- diff --git a/doc/admin/upgrading.html.textile.liquid b/doc/admin/upgrading.html.textile.liquid index 1eedb3000f..455db9e40e 100644 --- a/doc/admin/upgrading.html.textile.liquid +++ b/doc/admin/upgrading.html.textile.liquid @@ -28,6 +28,22 @@ TODO: extract this information based on git commit messages and generate changel
+h2(#v2_4_2). v2.4.3 (2022-09-21) + +"previous: Upgrading to 2.4.2":#v2_4_2 + +h3. Fixed PAM authentication security vulnerability + +In Arvados 2.4.2 and earlier, when using PAM authentication, if a user +presented valid credentials but the account is disabled or otherwise +not allowed to access the host, it would still be accepted for access +to Arvados. From 2.4.3 onwards, Arvados now also checks that the +account is permitted to access the host before completing the PAM login +process. + +Other authentication methods (LDAP, OpenID Connect) are not affected +by this flaw. + h2(#v2_4_2). v2.4.2 (2022-08-09) "previous: Upgrading to 2.4.1":#v2_4_1 diff --git a/tools/arvbox/bin/arvbox b/tools/arvbox/bin/arvbox index 5ea5573ac8..7339668c80 100755 --- a/tools/arvbox/bin/arvbox +++ b/tools/arvbox/bin/arvbox @@ -61,7 +61,7 @@ if test -z "$WORKBENCH2_BRANCH" ; then fi # Update this to the docker tag for the version on releases. -DEFAULT_TAG=2.4.2 +DEFAULT_TAG=2.4.3 PG_DATA="$ARVBOX_DATA/postgres" VAR_DATA="$ARVBOX_DATA/var" diff --git a/tools/salt-install/provision.sh b/tools/salt-install/provision.sh index 512a4932a6..ac3b8bf722 100755 --- a/tools/salt-install/provision.sh +++ b/tools/salt-install/provision.sh @@ -198,7 +198,7 @@ CUSTOM_CERTS_DIR="${SCRIPT_DIR}/local_config_dir/certs" # The "local.params.example.*" files already set "RELEASE=production" # to deploy production-ready packages RELEASE="production" -VERSION="2.4.2-1" +VERSION="2.4.3-1" # These are arvados-formula-related parameters # An arvados-formula tag. For a stable release, this should be a
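Review bot: The new heading in the doc/admin/upgrading.html.textile.liquid hunk reuses the anchor id of the release below it. The added line `h2(#v2_4_2). v2.4.3 (2022-09-21)` declares `#v2_4_2`, which the unchanged context line `h2(#v2_4_2). v2.4.2 (2022-08-09)` already uses. The rendered page therefore has two elements with the same id, the new section cannot be linked to directly, and the added "previous: Upgrading to 2.4.2":#v2_4_2 link targets an id shared by both headings. Suggest `h2(#v2_4_3). v2.4.3 (2022-09-21)` for the new heading. A smaller wording point in the same hunk: the first sentence shifts tense ("presented valid credentials but the account is disabled"), and "From 2.4.3 onwards, Arvados now also checks" reads better without "now".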