Difference between revisions of "Translations:ReleaseNotes/Liberty/13/en"
(Importing a new version from external source) |
(No difference)
|
Latest revision as of 00:45, 13 August 2016
- TempURL fixes (closes CVE-2015-5223)
Do not allow PUT tempurls to create pointers to other data. Specifically, disallow the creation of DLO object manifests via a PUT tempurl. This prevents discoverability attacks which can use any PUT tempurl to probe for private data by creating a DLO object manifest and then using the PUT tempurl to head the object.
- Swift now emits StatsD metrics on a per-policy basis.
- Fixed an issue with Keystone integration where a COPY request to a service account may have succeeded even if a service token was not included in the request.
- Bulk upload now treats user xattrs on files in the given archive as object metadata on the resulting created objects.
- Emit warning log in object replicator if "handoffs_first" or "handoff_delete" is set.
- Enable object replicator's failure count in swift-recon.
- Added storage policy support to dispersion tools.
- Support keystone v3 domains in swift-dispersion.
- Added domain_remap information to the /info endpoint.
- Added support for a "default_reseller_prefix" in domain_remap middleware config.
- Allow rsync to use compression via a "rsync_compress" config. If set to true, compression is only enabled for an rsync to a device in a different region. In some cases, this can speed up cross-region replication data transfer.
- Added time synchronization check in swift-recon (the --time option).
- The account reaper now runs faster on large accounts.
- Various other minor bug fixes and improvements.