Security update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python

Announcement ID: SUSE-SU-2021:1962-1
Rating: moderate
References:
Cross-References:
CVSS scores:
  • CVE-2017-11481 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
  • CVE-2017-11481 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2017-11499 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2017-11499 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2018-18623 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2018-18623 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2018-18624 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2018-18624 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2018-18625 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2018-18625 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2018-19039 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2018-19039 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-15043 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
  • CVE-2019-15043 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2019-25025 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2019-25025 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2020-10743 ( SUSE ): 3.9 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N
  • CVE-2020-10743 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  • CVE-2020-11110 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2020-11110 ( NVD ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • CVE-2020-12052 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
  • CVE-2020-12052 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2020-13379 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-13379 ( NVD ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
  • CVE-2020-17516 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-17516 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2020-24303 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
  • CVE-2020-24303 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
  • CVE-2020-29651 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  • CVE-2020-29651 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-21238 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • CVE-2021-21238 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • CVE-2021-21239 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • CVE-2021-21239 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • CVE-2021-23336 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
  • CVE-2021-23336 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:H
  • CVE-2021-27358 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-27358 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  • CVE-2021-28658 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-28658 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
  • CVE-2021-31542 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-31542 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-33203 ( NVD ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-33571 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
  • CVE-2021-33571 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
  • SUSE Linux Enterprise Server 12 SP4
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud Crowbar 9

An update that solves 23 vulnerabilities and contains two features can now be installed.

Description:

This update for ardana-neutron, ardana-swift, cassandra, crowbar-openstack, grafana, kibana, openstack-dashboard, openstack-ironic, openstack-neutron, openstack-neutron-gbp, openstack-nova, python-Django1, python-py, python-pysaml2, python-xmlschema, rubygem-activerecord-session_store, venv-openstack-keystone contains the following fixes:

Security fixes included in this update:

cassandra: - CVE-2020-17516: Fixed an issue where encryption between nodes was not enforced correctly for certain internode_encryption settings (bsc#1181689)

grafana: - CVE-2018-18623, CVE-2018-18624, CVE-2018-18625: Fixed multiple cross site scripting vulnerabilities in the dashboard. (bsc#1172450) - CVE-2021-27358: Fixed a denial of service via remote API call. (bsc#1183803) - CVE-2019-15043: Fixed a denial of service by an unauthenticated user in the snapshot HTTP API (bsc#1148383) - CVE-2020-13379: Fixed an information leak to unauthenticated users. (bsc#1172409) - CVE-2020-12052: Fixed a cross site scripting vulnerability with the annotation popup (bsc#1170657) - CVE-2018-19039: Fixed an issue where a privileged user could exfiltrate files (bsc#1115960) - CVE-2020-11110: Fixed a stored cross site scripting vulnerability. (bsc#1174583) - CVE-2020-24303: Fixed a cross site scripting vulnerability in a query alias for ElasticSearch datasources (bsc#1178243)

kibana: - CVE-2017-11499: Fixed a vulnerability in nodejs, related to the HashTable implementation, which could cause a denial of service. (bsc#1044849) - CVE-2017-11481: Fixed a cross site scripting vulnerability via via URL fields. (bsc#1044849) - CVE-2020-10743: Fixed a clickjacking issue because X-Frame-Option was not used by default. (bsc#1171909)

python-Django: - CVE-2021-23336: Fixed a web cache poisoning via django.utils.http.limited_parse_qsl(). (bsc#1182433) - CVE-2021-28658: Fixed a directory traversal via uploaded files. (bsc#1184148) - CVE-2021-31542: Fixed a directory traversal via uploaded files with suitably crafted file names. (bsc#1185623) - CVE-2021-33203: Fixed potential path-traversal via admindocs' TemplateDetailView. (bsc#1186608) - CVE-2021-33571: Tighten validator checks to not allow leading zeros in IPv4 addresses, which potentially leads to further attacks. (bsc#1186611)

python-py: - CVE-2020-29651: Fixed a denial of service via regular expressions. (bsc#1179805)

python-pysaml2: - CVE-2021-21238: Fixed improper verification of cryptographic signatures for signed SAML documents. (bsc#1181277) - CVE-2021-21239: Fixed improper verification of cryptographic signatures when using CryptoBackendXmlSec1(). (bsc#1181278)

rubygem-activerecord-session_store: - CVE-2019-25025: Fixed a timing attacks targeting the session id which could allow an attack to hijack sessions. (bsc#1183174)

Non-security changes included in this update:

Changes in ardana-neutron: - Update to version 9.0+git.1615223676.777f0b3: * Allow users to stop monitoring rootwrap daemon (bsc#1182317)

Changes in ardana-swift: - Update to version 9.0+git.1618235096.90974ed: * Run swiftlm-scan in the UTC timezone (bsc#1181690)

Changes in cassandra: - update to 3.11.10 (bsc#1181689, CVE-2020-17516)
* Fix digest computation for queries with fetched but non queried columns (CASSANDRA-15962) * Reduce amount of allocations during batch statement execution (CASSANDRA-16201) * Update jflex-1.6.0.jar to match upstream (CASSANDRA-16393) * Fix DecimalDeserializer#toString OOM (CASSANDRA-14925) * Rate limit validation compactions using compaction_throughput_mb_per_sec (CASSANDRA-16161) * SASI's max_compaction_flush_memory_in_mb settings over 100GB revert to default of 1GB (CASSANDRA-16071) * Prevent unbounded number of pending flushing tasks (CASSANDRA-16261) * Improve empty hint file handling during startup (CASSANDRA-16162) * Allow empty string in collections with COPY FROM in cqlsh (CASSANDRA-16372) * Fix skipping on pre-3.0 created compact storage sstables due to missing primary key liveness (CASSANDRA-16226) * Extend the exclusion of replica filtering protection to other indices instead of just SASI (CASSANDRA-16311) * Synchronize transaction logs for JBOD (CASSANDRA-16225) * Fix the counting of cells per partition (CASSANDRA-16259) * Fix serial read/non-applying CAS linearizability (CASSANDRA-12126) * Avoid potential NPE in JVMStabilityInspector (CASSANDRA-16294) * Improved check of num_tokens against the length of initial_token (CASSANDRA-14477) * Fix a race condition on ColumnFamilyStore and TableMetrics (CASSANDRA-16228) * Remove the SEPExecutor blocking behavior (CASSANDRA-16186) * Fix invalid cell value skipping when reading from disk (CASSANDRA-16223) * Prevent invoking enable/disable gossip when not in NORMAL (CASSANDRA-16146) * Wait for schema agreement when bootstrapping (CASSANDRA-15158) * Fix the histogram merge of the table metrics (CASSANDRA-16259) * Synchronize Keyspace instance store/clear (CASSANDRA-16210) * Fix ColumnFilter to avoid querying cells of unselected complex columns (CASSANDRA-15977) * Fix memory leak in CompressedChunkReader (CASSANDRA-15880) * Don't attempt value skipping with mixed version cluster (CASSANDRA-15833) * Avoid failing compactions with very large partitions (CASSANDRA-15164) * Make sure LCS handles duplicate sstable added/removed notifications correctly (CASSANDRA-14103) * Fix OOM when terminating repair session (CASSANDRA-15902) * Avoid marking shutting down nodes as up after receiving gossip shutdown message (CASSANDRA-16094) * Check SSTables for latest version before dropping compact storage (CASSANDRA-16063) * Handle unexpected columns due to schema races (CASSANDRA-15899) * Add flag to ignore unreplicated keyspaces during repair (CASSANDRA-15160) * Package tools/bin scripts as executable (CASSANDRA-16151) * Fixed a NullPointerException when calling nodetool enablethrift (CASSANDRA-16127) * Correctly interpret SASI's max_compaction_flush_memory_in_mb setting in megabytes not bytes (CASSANDRA-16071) * Fix short read protection for GROUP BY queries (CASSANDRA-15459) * Frozen RawTuple is not annotated with frozen in the toString method (CASSANDRA-15857) Merged from 3.0: * Use IF NOT EXISTS for index and UDT create statements in snapshot schema files (CASSANDRA-13935) * Fix gossip shutdown order (CASSANDRA-15816) * Remove broken 'defrag-on-read' optimization (CASSANDRA-15432) * Check for endpoint collision with hibernating nodes (CASSANDRA-14599) * Operational improvements and hardening for replica filtering protection (CASSANDRA-15907) * stop_paranoid disk failure policy is ignored on CorruptSSTableException after node is up (CASSANDRA-15191) * Forbid altering UDTs used in partition keys (CASSANDRA-15933) * Fix empty/null json string representation (CASSANDRA-15896) * 3.x fails to start if commit log has range tombstones from a column which is also deleted (CASSANDRA-15970) * Handle difference in timestamp precision between java8 and java11 in LogFIle.java (CASSANDRA-16050) Merged from 2.2: * Fix CQL parsing of collections when the column type is reversed (CASSANDRA-15814) * Only allow strings to be passed to JMX authentication (CASSANDRA-16077) * Fix cqlsh output when fetching all rows in batch mode (CASSANDRA-15905) * Upgrade Jackson to 2.9.10 (CASSANDRA-15867) * Fix CQL formatting of read command restrictions for slow query log (CASSANDRA-15503) * Allow sstableloader to use SSL on the native port (CASSANDRA-14904) * Backport CASSANDRA-12189: escape string literals (CASSANDRA-15948) * Avoid hinted handoff per-host throttle being arounded to 0 in large cluster (CASSANDRA-15859) * Avoid emitting empty range tombstones from RangeTombstoneList (CASSANDRA-15924) * Avoid thread starvation, and improve compare-and-swap performance, in the slab allocators (CASSANDRA-15922) * Add token to tombstone warning and error messages (CASSANDRA-15890) * Fixed range read concurrency factor computation and capped as 10 times tpc cores (CASSANDRA-15752) * Catch exception on bootstrap resume and init native transport (CASSANDRA-15863) * Fix replica-side filtering returning stale data with CL > ONE (CASSANDRA-8272, CASSANDRA-8273) * Fix duplicated row on 2.x upgrades when multi-rows range tombstones interact with collection ones (CASSANDRA-15805) * Rely on snapshotted session infos on StreamResultFuture.maybeComplete to avoid race conditions (CASSANDRA-15667) * EmptyType doesn't override writeValue so could attempt to write bytes when expected not to (CASSANDRA-15790) * Fix index queries on partition key columns when some partitions contains only static data (CASSANDRA-13666) * Avoid creating duplicate rows during major upgrades (CASSANDRA-15789) * liveDiskSpaceUsed and totalDiskSpaceUsed get corrupted if IndexSummaryRedistribution gets interrupted (CASSANDRA-15674) * Fix Debian init start/stop (CASSANDRA-15770) * Fix infinite loop on index query paging in tables with clustering (CASSANDRA-14242) * Fix chunk index overflow due to large sstable with small chunk length (CASSANDRA-15595) * Allow selecting static column only when querying static index (CASSANDRA-14242) * cqlsh return non-zero status when STDIN CQL fails (CASSANDRA-15623) * Don't skip sstables in slice queries based only on local min/max/deletion timestamp (CASSANDRA-15690) * Memtable memory allocations may deadlock (CASSANDRA-15367) * Run evictFromMembership in GossipStage (CASSANDRA-15592) * Fix nomenclature of allow and deny lists (CASSANDRA-15862) * Remove generated files from source artifact (CASSANDRA-15849) * Remove duplicated tools binaries from tarballs (CASSANDRA-15768) * Duplicate results with DISTINCT queries in mixed mode (CASSANDRA-15501) * Disable JMX rebinding (CASSANDRA-15653) * Fix writing of snapshot manifest when the table has table-backed secondary indexes (CASSANDRA-10968) * Fix parse error in cqlsh COPY FROM and formatting for map of blobs (CASSANDRA-15679) * Fix Commit log replays when static column clustering keys are collections (CASSANDRA-14365) * Fix Red Hat init script on newer systemd versions (CASSANDRA-15273) * Allow EXTRA_CLASSPATH to work on tar/source installations (CASSANDRA-15567) * Fix bad UDT sstable metadata serialization headers written by C* 3.0 on upgrade and in sstablescrub (CASSANDRA-15035) * Fix nodetool compactionstats showing extra pending task for TWCS - patch implemented (CASSANDRA-15409) * Fix SELECT JSON formatting for the "duration" type (CASSANDRA-15075) * Fix LegacyLayout to have same behavior as 2.x when handling unknown column names (CASSANDRA-15081) * Update nodetool help stop output (CASSANDRA-15401) * Run in-jvm upgrade dtests in circleci (CASSANDRA-15506) * Include updates to static column in mutation size calculations (CASSANDRA-15293) * Fix point-in-time recoevery ignoring timestamp of updates to static columns (CASSANDRA-15292) * GC logs are also put under $CASSANDRA_LOG_DIR (CASSANDRA-14306) * Fix sstabledump's position key value when partitions have multiple rows (CASSANDRA-14721) * Avoid over-scanning data directories in LogFile.verify() (CASSANDRA-15364) * Bump generations and document changes to system_distributed and system_traces in 3.0, 3.11 (CASSANDRA-15441) * Fix system_traces creation timestamp; optimise system keyspace upgrades (CASSANDRA-15398) * Fix various data directory prefix matching issues (CASSANDRA-13974) * Minimize clustering values in metadata collector (CASSANDRA-15400) * Avoid over-trimming of results in mixed mode clusters (CASSANDRA-15405) * validate value sizes in LegacyLayout (CASSANDRA-15373) * Ensure that tracing doesn't break connections in 3.x/4.0 mixed mode by default (CASSANDRA-15385) * Make sure index summary redistribution does not start when compactions are paused (CASSANDRA-15265) * Ensure legacy rows have primary key livenessinfo when they contain illegal cells (CASSANDRA-15365) * Fix race condition when setting bootstrap flags (CASSANDRA-14878) * Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426) * Fix SELECT JSON output for empty blobs (CASSANDRA-15435) * In-JVM DTest: Set correct internode message version for upgrade test (CASSANDRA-15371) * In-JVM DTest: Support NodeTool in dtest (CASSANDRA-15429) * Fix NativeLibrary.tryOpenDirectory callers for Windows (CASSANDRA-15426) * Fix SASI non-literal string comparisons (range operators) (CASSANDRA-15169) * Make sure user defined compaction transactions are always closed (CASSANDRA-15123) * Fix cassandra-env.sh to use $CASSANDRA_CONF to find cassandra-jaas.config (CASSANDRA-14305) * Fixed nodetool cfstats printing index name twice (CASSANDRA-14903) * Add flag to disable SASI indexes, and warnings on creation (CASSANDRA-14866) * Add ability to cap max negotiable protocol version (CASSANDRA-15193) * Gossip tokens on startup if available (CASSANDRA-15335) * Fix resource leak in CompressedSequentialWriter (CASSANDRA-15340) * Fix bad merge that reverted CASSANDRA-14993 (CASSANDRA-15289) * Fix LegacyLayout RangeTombstoneList IndexOutOfBoundsException when upgrading and RangeTombstone bounds are asymmetric (CASSANDRA-15172) * Fix NPE when using allocate_tokens_for_keyspace on new DC/rack (CASSANDRA-14952) * Filter sstables earlier when running cleanup (CASSANDRA-15100) * Use mean row count instead of mean column count for index selectivity calculation (CASSANDRA-15259) * Avoid updating unchanged gossip states (CASSANDRA-15097) * Prevent recreation of previously dropped columns with a different kind (CASSANDRA-14948) * Prevent client requests from blocking on executor task queue (CASSANDRA-15013) * Toughen up column drop/recreate type validations (CASSANDRA-15204) * LegacyLayout should handle paging states that cross a collection column (CASSANDRA-15201) * Prevent RuntimeException when username or password is empty/null (CASSANDRA-15198) * Multiget thrift query returns null records after digest mismatch (CASSANDRA-14812) * Skipping illegal legacy cells can break reverse iteration of indexed partitions (CASSANDRA-15178) * Handle paging states serialized with a different version than the session's (CASSANDRA-15176) * Throw IOE instead of asserting on unsupporter peer versions (CASSANDRA-15066) * Update token metadata when handling MOVING/REMOVING_TOKEN events (CASSANDRA-15120) * Add ability to customize cassandra log directory using $CASSANDRA_LOG_DIR (CASSANDRA-15090) * Skip cells with illegal column names when reading legacy sstables (CASSANDRA-15086) * Fix assorted gossip races and add related runtime checks (CASSANDRA-15059) * Fix mixed mode partition range scans with limit (CASSANDRA-15072) * cassandra-stress works with frozen collections: list and set (CASSANDRA-14907) * Fix handling FS errors on writing and reading flat files - LogTransaction and hints (CASSANDRA-15053) * Avoid double closing the iterator to avoid overcounting the number of requests (CASSANDRA-15058) * Improve nodetool status -r speed (CASSANDRA-14847) * Improve merkle tree size and time on heap (CASSANDRA-14096) * Add missing commands to nodetool_completion (CASSANDRA-14916) * Anti-compaction temporarily corrupts sstable state for readers (CASSANDRA-15004) * Catch non-IOException in FileUtils.close to make sure that all resources are closed (CASSANDRA-15225) * Handle exceptions during authentication/authorization (CASSANDRA-15041) * Support cross version messaging in in-jvm upgrade dtests (CASSANDRA-15078) * Fix index summary redistribution cancellation (CASSANDRA-15045) * Fixing invalid CQL in security documentation (CASSANDRA-15020) * Allow instance class loaders to be garbage collected for inJVM dtest (CASSANDRA-15170) * Add support for network topology and query tracing for inJVM dtest (CASSANDRA-15319) * Correct sstable sorting for garbagecollect and levelled compaction (CASSANDRA-14870) * Severe concurrency issues in STCS,DTCS,TWCS,TMD.Topology,TypeParser * Add a script to make running the cqlsh tests in cassandra repo easier (CASSANDRA-14951) * If SizeEstimatesRecorder misses a 'onDropTable' notification, the size_estimates table will never be cleared for that table. (CASSANDRA-14905) * Counters fail to increment in 2.1/2.2 to 3.X mixed version clusters (CASSANDRA-14958) * Streaming needs to synchronise access to LifecycleTransaction (CASSANDRA-14554) * Fix cassandra-stress write hang with default options (CASSANDRA-14616) * Differentiate between slices and RTs when decoding legacy bounds (CASSANDRA-14919) * Netty epoll IOExceptions caused by unclean client disconnects being logged at INFO (CASSANDRA-14909) * Unfiltered.isEmpty conflicts with Row extends AbstractCollection.isEmpty (CASSANDRA-14588) * RangeTombstoneList doesn't properly clean up mergeable or superseded rts in some cases (CASSANDRA-14894) * Fix handling of collection tombstones for dropped columns from legacy sstables (CASSANDRA-14912) * Throw exception if Columns serialized subset encode more columns than possible (CASSANDRA-14591) * Drop/add column name with different Kind can result in corruption (CASSANDRA-14843) * Fix missing rows when reading 2.1 SSTables with static columns in 3.0 (CASSANDRA-14873) * Move TWCS message 'No compaction necessary for bucket size' to Trace level (CASSANDRA-14884) * Sstable min/max metadata can cause data loss (CASSANDRA-14861) * Dropped columns can cause reverse sstable iteration to return prematurely (CASSANDRA-14838) * Legacy sstables with multi block range tombstones create invalid bound sequences (CASSANDRA-14823) * Expand range tombstone validation checks to multiple interim request stages (CASSANDRA-14824) * Reverse order reads can return incomplete results (CASSANDRA-14803) * Avoid calling iter.next() in a loop when notifying indexers about range tombstones (CASSANDRA-14794) * Fix purging semi-expired RT boundaries in reversed iterators (CASSANDRA-14672) * DESC order reads can fail to return the last Unfiltered in the partition (CASSANDRA-14766) * Fix corrupted collection deletions for dropped columns in 3.0 <-> 2.{1,2} messages (CASSANDRA-14568) * Fix corrupted static collection deletions in 3.0 <-> 2.{1,2} messages (CASSANDRA-14568) * Handle failures in parallelAllSSTableOperation (cleanup/upgradesstables/etc) (CASSANDRA-14657) * Improve TokenMetaData cache populating performance avoid long locking (CASSANDRA-14660) * Backport: Flush netty client messages immediately (not by default) (CASSANDRA-13651) * Fix static column order for SELECT * wildcard queries (CASSANDRA-14638) * sstableloader should use discovered broadcast address to connect intra-cluster (CASSANDRA-14522) * Fix reading columns with non-UTF names from schema (CASSANDRA-14468) * Don't enable client transports when bootstrap is pending (CASSANDRA-14525) * MigrationManager attempts to pull schema from different major version nodes (CASSANDRA-14928) * Fix incorrect cqlsh results when selecting same columns multiple times (CASSANDRA-13262) * Returns null instead of NaN or Infinity in JSON strings (CASSANDRA-14377) * Paged Range Slice queries with DISTINCT can drop rows from results (CASSANDRA-14956)

Changes in crowbar-openstack: - Update to version 6.0+git.1616146717.a89ae0f4e: * monasca: restart Kibana on update (bsc#1044849)

Changes in grafana - Add CVE-2021-27358.patch (bsc#1183803, CVE-2021-27358) * Prevent unauthenticated remote attackers from causing a DoS through the snapshots API.

Changes in kibana: - Ensure /etc/sysconfig/kibana is present

  • Update to Kibana 4.6.6 (bsc#1044849, CVE-2017-11499, ESA-2017-14, ESA-2017-16)
  • [4.6] ignore forked code for babel transpile build phase (#13483)
  • Allow more than match queries in custom filters (#8614) (#10857)
  • [state] don't make extra $location.replace() calls (#9954)
  • [optimizer] move to querystring-browser package for up-to-date api
  • [state/unhashUrl] use encode-uri-query to generate cleanly encoded urls
  • server: refactor log_interceptor to be more DRY (#9617)
  • server: downgrade ECANCELED logs to debug (#9616)
  • server: do not treat logged warnings as errors (#8746) (#9610)
  • [server/logger] downgrade EPIPE errors to debug level (#9023)
  • Add basepath when redirecting from a trailling slash (#9035)
  • [es/kibanaIndex] use unmapped_type rather than ignore_unmapped (#8968)
  • [server/shortUrl] validate urls before shortening them
  • Add CVE-2017-11481.patch (bsc#1044849, CVE-2017-11481)
  • This fixes an XSS vulnerability in URL fields
  • Remove %dir declaration from /opt/kibana/optimize to ensure no files owned by root end up in there
  • Exclude /opt/kibana/optimize from %fdupes
  • Restart service on upgrade
  • Do not copy LICENSE.txt and README.txt to /opt/kibana
  • Fix rpmlint warnings/errors
  • Switch to explicit patch application
  • Fix source URL

  • Fix logic for systemd/systemv detection

  • Add 0001-Configurable-custom-response-headers-for-server.patch (bsc#1171909, CVE-2020-10743)

  • Added kibana.yml symlink (bsc#1048688, FATE#323204) Changes in openstack-dashboard:

  • Update to version horizon-14.1.1.dev11:
  • Consume tempest-horizon from PyPI release

Changes in openstack-ironic: - Update to version ironic-11.1.5.dev17: * Remove lower-constraints job

Changes in openstack-ironic: - Update to version ironic-11.1.5.dev17: * Remove lower-constraints job

Changes in openstack-neutron: - Update to version neutron-13.0.8.dev164: * Schedule networks to new segments if needed

  • Update to version neutron-13.0.8.dev162:

  • Fix invalid JSON generated by quota details

  • Update to version neutron-13.0.8.dev160:

  • Fix deletion of rfp interfaces when router is re-enabled

  • Update to version neutron-13.0.8.dev159:

  • [OVS FW] Allow egress ICMPv6 only for know addresses

  • [OVS FW] Clean conntrack entries with mark == CT_MARK_INVALID

  • Update to version neutron-13.0.8.dev155:

  • Fix removal of dvr-src mac flows when non-gateway port on router is deleted

  • Update to version neutron-13.0.8.dev153:

  • Add some wait time between stopping and starting again ovsdb monitor

  • Workaround for TCP checksum issue with ovs-dpdk and veth pair

  • Update to version neutron-13.0.8.dev149:

  • Fix wrong packet_type set for IPv6 GRE tunnels in OVS

  • Update to version neutron-13.0.8.dev148:

  • Fix losses of ovs flows when ovs is restarted

Changes in openstack-neutron: - Update to version neutron-13.0.8.dev164: * Schedule networks to new segments if needed

  • Update to version neutron-13.0.8.dev162:

  • Fix invalid JSON generated by quota details