Safety vulnerability ID: 64142
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Rucio 1.20.0 updates its SQLAlchemy dependency from version 1.2.16 to 1.3.3, in response to the security vulnerability identified as CVE-2019-7164.
https://github.com/rucio/rucio/commit/122fd9cdc59c2e3e058a2b4fecef328d4d80029b
Latest version: 36.0.0
Rucio Package
Long Term Support (LTS)
This release marks the start of the 1.20 **Long Term Support (LTS)** release line. This release line will be supported with security and critical patches until at least **June 2021**.
Upgrade Instructions
This feature release requires a database schema upgrade. Please consult the [documentation](https://rucio.readthedocs.io/en/latest/database.html) about upgrading your database schema.
The following changes are necessary and are covered by the `alembic upgrade head` command:
1. Changing size of `extended_attributes` column in `rse_protocols` table (Alembic revision `8523998e2e76`)
2. Adding `comments` column to `subscriptions_history` table (Alembic revision `b8caac94d7f0`)
3. Removal of replica state `SOURCE (S)` since it is not used (Alembic revision `b7d287de34fd`)
- Adapting `REPLICAS_STATE_CHK` constraint in `replicas` table
- Adapting `COLLECTION_REPLICAS_STATE_CHK` constraint in `collection_replicas` table
4. Adding new column to `heartbeats` table (Alembic revision `cebad904c4dd`)
- Adding `payload` column
- Dropping `HEARTBEATS_UPDATED_AT` index
5. Adding `volume` column to `rse_transfer_limits` table (Alembic revision `2cbee484dcf9`)
The following change is only executed on PostgreSQL databases:
1. Changing all ENUM column types to varchar and adding the respective constraint checks (Alembic revision `f1b14a8c2ac1`)
General
Features
- Core & Internals: Size of the "extended_attributes" field of the "rse_protocols" table 1543
- Core & Internals: Bring S3 and Swift signature support in line with rest of code 1787
- Core & Internals: Changing sql-alchemy enginge to create PostgreSQL check_constraints instead of ENUMS 2436
- Core & Internals: Include payload functionality in heartbeats 2443
- Deletion: Use signed URLs when deleting from object stores 2411
- Recovery: Automatic recovery of suspicious files that have more than one replica 403
- Release management: Alembic script for comments column in subscription_history table needed 2238
- Release management: Security vulnerability with Jinja2 CVE-2019-10906 2493
- Release management: Security vulnerability with SQLAlchemy CVE-2019-7164 2494
- Transfers: Throttler mechanic to release transfers based on a strategy (FIFO) 2220
Enhancements
- Core & Internals: ReplicaState.SOURCE is not used and should be removed 1874
- Core & Internals: Upgrade of CHECK_CONSTRAINT of replicas table missing in alembic revision b96a1c7e1cc4 2166
- Dataset deletion: Pause dids in the undertaker which raise nowait errors 2355
- Probes & Alarms: Migrate Nagios probes to a separate repository 1638
- Recovery: Optimize the update of the final states in the necromancer 2601
- Release management: Adress security in pycrpyto 1475
- Release management: Dependency upgrade for 1.20.0 2460
- Release management: Security vulnerability with urllib3 CVE-2019-11324 2501
Bugs
- Infrastructure: wrong configuration docker dev 2576
- Infrastructure: double requirement definition 2579
- Rebalancing: File size not returned in decomission mode 2591
- Testing: Test error with python3.6.3 2154
- Testing: Fix Python 3.6 syntax test 2496
- Testing: wrong python version in python3 travis test 2541
Clients
Features
- Clients: Implement pcaches into clients. 2039
Enhancements
- Clients: Client: expose replicalocks to client 2112
Bugs
- Clients: Compiling issues with Python 3 (3.6.8) and hash sum calculation 2480
Scan your Python project for dependency vulnerabilities in two minutes
Scan your application