From peter.amstutz at curii.com Wed Sep 21 22:15:42 2022 From: peter.amstutz at curii.com (peter.amstutz at curii.com) Date: Wed, 21 Sep 2022 15:15:42 -0700 Subject: [arvados] Arvados 2.4.3 released Message-ID: Hello , The Arvados team is pleased to announce Arvados 2.4.3. This release includes a security update to PAM authentication. We strongly recommend that installations of Arvados using PAM for authentication upgrade to 2.4.3 as soon as possible. See Upgrading Arvados for upgrade instructions. In addition, this release includes several performance improvements, usability improvements, and bug fixes. Security updates In Arvados 2.4.2 and earlier, when using PAM authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host, it would still be accepted for access to Arvados. From 2.4.3 onwards, Arvados now also checks that the account is permitted to access the host before completing the PAM login process. Other authentication methods (LDAP, OpenID Connect) are not affected by this flaw. This vulnerability was reported by “Porcupiney Hairs”. New Features #19464 When a CWL file located in a git checkout is executed or registered with --create-workflow or --update-workflow, Arvados will record information about the git commit and use git describe to generate a version number that is incorporated into the Workflow name. #19079 On the Workbench 2 search panel, items now have a right-click context menu allowing you to open the item in a new tab, allowing you to visit items without losing your place in the search list. #19472 The Salt-based Arvados installer now sets up log rotation for the Rails-based API server and Workbench logs. Bug Fixes #19368 #19428 Several performance slowdowns and unnecessary overhead observed in the S3-compatible API have been resolved. #19502 If two or more collections with the same portable data hash (same content) are cached by keep-web, changes made through through keep-web will now be applied to the correct collection. Previously, changes would sometimes be applied to a different collection with the same same portable data hash. #19421 Workbench 2 links using “redirectTo” are now recognized as an alias for “redirectToPreview”, so that hyperlinks from 2.4.1 and earlier to work again. #19383 The “Advanced” menu has been renamed “API Details” and the “API Response” tab has been fixed to display the record as intended, instead of “[Object]”. #19413 Workflows which generate a large number of warnings will no longer update the record once the warning text in runtime status has hit the line limit. #19454 Arvados-cwl-runner now correctly accepts output parameters in cwl.output.json that use relative references to the files in the output directory. #19277 Containers with Arvados API access enabled and a local keepstore process (communicating directly with storage) will now have a suitable ARVADOS_KEEP_SERVICES environment variable passed into the container so that tasks inside the container are able to use the local keepstore. #19414 Fixed a panic in keep-balance when there is an “unachievable” block (referenced by a collection, but not returned by any keepstore index). #19437 It was observed that containers would sometimes be cancelled with the error Error inspecting container: ... context deadline exceeded. We believe can happens when a host is overloaded resulting in the Docker daemon being very slow to respond. Arvados will now require three consecutive timeout failures before abandoning the container. Thanks, The Arvados Team -------------- next part -------------- An HTML attachment was scrubbed... URL: