Translations:ReleaseNotes/Liberty/13/en


 * TempURL fixes (closes CVE-2015-5223) Do not allow PUT tempurls to create pointers to other data. Specifically, disallow the creation of DLO object manifests via a PUT tempurl. This prevents discoverability attacks which can use any PUT tempurl to probe for private data by creating a DLO object manifest and then using the PUT tempurl to head the object.
 * Swift now emits StatsD metrics on a per-policy basis.
 * Fixed an issue with Keystone integration where a COPY request to a service account may have succeeded even if a service token was not included in the request.
 * Bulk upload now treats user xattrs on files in the given archive as object metadata on the resulting created objects.
 * Emit warning log in object replicator if "handoffs_first" or "handoff_delete" is set.
 * Enable object replicator's failure count in swift-recon.
 * Added storage policy support to dispersion tools.
 * Support keystone v3 domains in swift-dispersion.
 * Added domain_remap information to the /info endpoint.
 * Added support for a "default_reseller_prefix" in domain_remap middleware config.
 * Allow rsync to use compression via a "rsync_compress" config. If set to true, compression is only enabled for an rsync to a device in a different region. In some cases, this can speed up cross-region replication data transfer.
 * Added time synchronization check in swift-recon (the --time option).
 * The account reaper now runs faster on large accounts.
 * Various other minor bug fixes and improvements.