Safety vulnerability ID: 64144
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Rucio 1.19.0.post2 upgrades its Paramiko dependency from version 2.4.1 to 2.4.2, addressing the security vulnerability CVE-2018-1000805.
https://github.com/rucio/rucio/pull/1649/commits/0077bb6c80f5f8e49e47294375b41e6af051fc0b
Latest version: 36.0.0
Rucio Package
Upgrade Instructions
This feature release requires a database schema upgrade. Please consult the [documentation](https://rucio.readthedocs.io/en/latest/database.html) about upgrading your database schema.
The following changes are necessary and are covered by the `alembic upgrade head` command:
1. `bad_replicas_table` changes (Alembic revision `b96a1c7e1cc4`)
- New `expires_at` column.
- Primary key change.
- New `BAD_REPLICAS_EXPIRES_AT_IDX` Index.
- Constraint `BAD_REPLICAS_STATE_CHK` change.
1. New `bad_pfns` table (Alembic revision `b96a1c7e1cc4`)
1. Change of `rse_attr_map` and `account_attr_map` boolean values (Alembic revision `9eb936a81eb1`)
- `True` to `true`
- `False` to `false`
1. Changes in history tables (Alembic revision `bf3baa1c1474`)
- Drop of Primary Key `CONTENTS_HIST_PK` for table `contents_history`.
- Drop of Primary Key `ARCH_CONTENTS_HISOTRY_PK` for table `archive_contents_history`.
- Creation of Index `ARCH_CONT_HIST_IDX` for table `archive_contents_history`.
- Drop of Primary Key `RULES_HIST_RECENT_PK` for table `rules_hist_recent`.
- Drop of column `history_id` for table `rules_hist_recent`.
- Drop of Primary Key `RULES_HIST_LONGTERM_PK` for table `rules_history`.
- Drop of column `history_id` for table `rules_history`.
- Drop of Primary Key `MESSAGES_HIST_ID_PK` for table `messages_history`.
1. Adding of new `payload_nolimit` column to messages tables (Alembic revision `90f47792bb76`)
- Add column `payload_nolimit` to table `messages`.
- Add column `payload_nolimit` to table `messages_history`.
1. Change of constraint `RULES_NOTIFICATION_CHK` for `rules` (Alembic revision `01eaf73ab656`)
1. Change of Primary Key `REPLICAS_PK` for table `replicas` (Alembic revision `3345511706b8`)
The following change are necessary and are **NOT** covered by the `alembic upgrade head` command:
1. The boolean values upgrade on the `rse_attr_map` and `account_attr_map` tables from `0` to `false` and `1` to `true` need to be executed manually, since the script cannot distinguish between the integer or boolean interpretation of the attribute. It is very important that you only upgrade `0` and `1` which actually correspond to boolean values, otherwise functionality might be degraded (Alembic revision `9eb936a81eb1`)
1. The `rucio-conveyor-transfer-submitter` daemon was removed with this release. The functionality is fully covered by the `rucio-conveyor-submitter`.
General
Features
- Core & Internals: Mark replicas as temporarily unavailable 1550
- Core & Internals: PK in history tables mostly wrong 1818
- Core & Internals: Limit the maximum space usage on an RSE 1965
- Core & Internals: Messages payload are limited to 4000 characters and throw exception 48
- Core & Internals: json based import for RSEs, protocols, distances 716
- Rules: New Rule Notification Mode 1922
- Transfers: Remove conveyor-transfer-submitter 1632
Enhancements
- Clients: Allow upload of replicas to non-det RSEs by users 1172
- Core & Internals: Core migration to python3 1912
- Core & Internals: Daemon migration to python3 1924
- Core & Internals: fix last python3 incompatibilities 1961
- Core & Internals: Add missing wsgi alias for import/export 1990
- Messaging: improve connection handling to broker 1479
- Rebalancing: bb8 - replacing sql query with sql alchemy 1861
- Rebalancing: BB8 should avoid reducing the replication factor of a dataset 484
- Release management: Address security issue in paramiko due to CVE-2018-1000805 1646
- Release management: Upgrade of dependencies for 1.19.0 2028
- Release management: Rucio py3 compatibility 67
- Testing: switch oracle image for travis tests 2010
- Traces: kronos: activemq connect is missing wait=True 321
Bugs
- Core & Internals: Primary Key for replicas table is in wrong order in models.py 1749
- Core & Internals: list-rse-usage with --show-accounts does not work 2040
- Deletion: The reaper may ignore some rses if there is more than one rse handled per thread 1729
- Deletion: Reaper crashes if no RSEs are defined 1917
- Documentation: Documentation build fails 1774
- Documentation: Broken links in documentation sidebar 2065
- Probes & Alarms: The FTS probe sometimes doesn't whitelist a SE after the end of downtime 2015
- Probes & Alarms: Synchronisation with VOMS fails under Nagios due to non-ASCII characters 2051
- Rebalancing: BB8 crash with RSEBlacklisted exception 313
- Release management: Define stricter depdency ranges for pip-requires-client 1692
- Transfers: REST call for requests is broken by '/' in DIDs 1791
Clients
Features
- Clients: Expose request details (e.g. FTS job ID) to the client 1786
Enhancements
- Clients: rucio download should be able to use locally cached metalink 1415
- Clients: Handling of istape=False in the client 1455
- Clients: fix python3 incompatibilities not found by pylint 2020
Bugs
- Clients: authentication type selection safeguard 2006
WebUI
Enhancements
- WebUI: View for suspicious files 2054
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application