[arvados] Arvados 2.4.3 released

peter.amstutz at curii.com peter.amstutz at curii.com
Wed Sep 21 22:15:42 UTC 2022


Hello ,

The Arvados team is pleased to announce Arvados 2.4.3. This release
includes a security update to PAM authentication. We strongly recommend
that installations of Arvados using PAM for authentication upgrade to 2.4.3
as soon as possible. See Upgrading Arvados
<https://doc.arvados.org/v2.4/admin/upgrading.html> for upgrade
instructions.

In addition, this release includes several performance improvements,
usability improvements, and bug fixes.
Security updates

In Arvados 2.4.2 and earlier, when using PAM authentication, if a user
presented valid credentials but the account is disabled or otherwise not
allowed to access the host, it would still be accepted for access to
Arvados. From 2.4.3 onwards, Arvados now also checks that the account is
permitted to access the host before completing the PAM login process.

Other authentication methods (LDAP, OpenID Connect) are not affected by
this flaw.

This vulnerability was reported by “Porcupiney Hairs”.
New Features

#19464 <https://dev.arvados.org/issues/19464>

When a CWL file located in a git checkout is executed or registered with
--create-workflow or --update-workflow, Arvados will record information
about the git commit and use git describe to generate a version number that
is incorporated into the Workflow name.

#19079 <https://dev.arvados.org/issues/19079>

On the Workbench 2 search panel, items now have a right-click context menu
allowing you to open the item in a new tab, allowing you to visit items
without losing your place in the search list.

#19472 <https://dev.arvados.org/issues/19472>

The Salt-based Arvados installer now sets up log rotation for the
Rails-based API server and Workbench logs.
Bug Fixes

#19368 <https://dev.arvados.org/issues/19368>

#19428 <https://dev.arvados.org/issues/19428>

Several performance slowdowns and unnecessary overhead observed in the
S3-compatible
API <https://doc.arvados.org/v2.4/api/keep-s3.html> have been resolved.

#19502 <https://dev.arvados.org/issues/19502>

If two or more collections with the same portable data hash (same content)
are cached by keep-web, changes made through through keep-web will now be
applied to the correct collection. Previously, changes would sometimes be
applied to a different collection with the same same portable data hash.

#19421 <https://dev.arvados.org/issues/19421>

Workbench 2 links using “redirectTo” are now recognized as an alias for
“redirectToPreview”, so that hyperlinks from 2.4.1 and earlier to work
again.

#19383 <https://dev.arvados.org/issues/19383>

The “Advanced” menu has been renamed “API Details” and the “API Response”
tab has been fixed to display the record as intended, instead of “[Object]”.

#19413 <https://dev.arvados.org/issues/19413>

Workflows which generate a large number of warnings will no longer update
the record once the warning text in runtime status has hit the line limit.

#19454 <https://dev.arvados.org/issues/19454>

Arvados-cwl-runner now correctly accepts output parameters in
cwl.output.json that use relative references to the files in the output
directory.

#19277 <https://dev.arvados.org/issues/19277>

Containers with Arvados API access enabled and a local keepstore process
(communicating directly with storage) will now have a suitable
ARVADOS_KEEP_SERVICES environment variable passed into the container so
that tasks inside the container are able to use the local keepstore.

#19414 <https://dev.arvados.org/issues/19414>

Fixed a panic in keep-balance when there is an “unachievable” block
(referenced by a collection, but not returned by any keepstore index).

#19437 <https://dev.arvados.org/issues/19437>

It was observed that containers would sometimes be cancelled with the
error Error
inspecting container: ... context deadline exceeded. We believe can happens
when a host is overloaded resulting in the Docker daemon being very slow to
respond. Arvados will now require three consecutive timeout failures before
abandoning the container.

Thanks,

The Arvados Team
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.arvados.org/pipermail/arvados/attachments/20220921/21a4ddc3/attachment.html>


More information about the arvados mailing list