Zed Series Release Notes

2.30.1

Security Issues

  • Fixed a security issue in how s3api handles XML parsing that allowed authenticated S3 clients to read arbitrary files from proxy servers. Refer to CVE-2022-47950 for more information.

Bug Fixes

  • Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14, and 3.10.6 that could cause some domain_remap requests to be routed to the wrong object.

2.30.0

New Features

  • Sharding improvements

    • The swift-manage-shard-ranges tool has a new mode to repair gaps in the namespace.

    • Metrics are now emitted for whether databases used for cleaving were created or already existed, allowing a better understanding of the reason for handoffs in the cluster.

    • Misplaced-record stats are now also emitted to statsd. Previously, these were only available in logs.

  • Logging improvements

    • The message template for proxy logging may now include a {domain} field for the client-provided Host header.

    • Added a log_rsync_transfers option to the object-replicator. Set it to false to disable logging rsync “send” lines; during large rebalances, such logging can overwhelm log aggregation while providing little useful information.

  • The formpost digest algorithm is now configurable via the new allowed_digests option, and support is added for both SHA-256 and SHA-512. Supported formpost digests are exposed to clients in /info. Additionally, formpost signatures can now be base64 encoded.

  • Added metrics to the formpost and tempurl middlewares to monitor digest usage in signatures.

  • Improved compatibility with certain FIPS-mode-enabled systems.

  • Added a ring_ip option for various object services. This may be used to find own devices in the ring in a containerized environment where the bind_ip may not appear in the ring at all.

  • Account and container replicators can now be configured with a handoff_delete option, similar to object replicators and reconstructors. See the sample config for more information.

  • Developers using Swift’s memcache client may now opt in to having a MemcacheConnectionError be raised when no connection succeeded using a new raise_on_error keyword argument to get/set.

  • Device names are now included in new database IDs. This provides more context when examining incoming/outgoing sync tables or sharding CleaveContexts.

Deprecation Notes

  • SHA-1 signatures are now deprecated for the formpost and tempurl middlewares. At some point in the future, SHA-1 will no longer be enabled by default; eventually, support for it will be removed entirely.

Security Issues

  • Constant-time string comparisons are now used when checking S3 API signatures.

  • Fixed a socket leak when clients try to delete a non-SLO as though it were a Static Large Object.

Bug Fixes

  • Sharding improvements

    • Misplaced tombstone records are now properly cleaved.

    • Fixed a bug where the sharder could fail to find a device to use for cleaving.

    • Databases marked deleted are now processed by the sharder.

    • More information is now synced to the fresh database when sharding. Previously, a database could lose the fact that it had been marked as deleted.

    • Shard ranges with no rows to cleave could previously be left in the CREATED state after cleaving. Now, they are advanced to CLEAVED.

  • S3 API improvements

    • Fixed cross-policy object copies. Previously, copied data would always be written using the source container’s policy. Now, the destination container’s policy will be used, avoiding availability issues and unnecessary container-reconciler work.

    • More headers are now copied from multi-part upload markers to their completed objects, including Content-Encoding.

    • When running with s3_acl disabled, bucket-owner-full-control and bucket-owner-read canned ACLs will be translated to the same Swift ACLs as private.

    • The S3 ACL and Delete Multiple APIs are now less case-sensitive.

    • Improved the error message when deleting a bucket that’s ever had versioning enabled and still has versions in it.

    • LastModified timestamps in listings are now rounded up to whole seconds, like they are in responses from AWS.

    • Proxy logging for Complete Multipart Upload requests is now more consistent when requests have been retried.

  • Logging improvements

    • Signal handling is more consistently logged at notice level. Previously, signal handling would sometimes be logged at info or error levels.

    • The object-replicator now logs successful rsync transfers at debug instead of info.

    • Transaction IDs are now only included in daemon log lines in a request/response context.

  • The tempurl middleware has been updated to return a 503 if storing a token in memcache fails. Third party authentication middlewares are encouraged to also use the new raise_on_error keyword argument when storing ephemeral tokens in memcache.

  • Database replication connections are now closed following an error or timeout. This prevents a traceback in some cases when the replicator tries to reuse the connection.

  • ENOENT and ENODATA errors are better handled in the object replicator and auditor.

  • Improved object update throughput by shifting some shard range filtering from Python to SQL.

  • Include Vary: Origin header when CORS responses vary by origin.

  • The staticweb middleware now allows empty listings at the root of a container. Previously, this would result in a 404 response.

  • Ring builder output tables better display weights over 1000.

  • Various other minor bug fixes and improvements.

Other Notes

  • Pickle support has been removed from Swift’s memcache client. Support had been deprecated since Swift 1.7.0.