|
| 1 | +3.25.0: |
| 2 | + - Added acknowledged field to lastseen DB (ENT-11838) |
| 3 | + - Various SELinux fixes: |
| 4 | + - Added create capability on cfengine_var_lib_t:dir to cf-hub |
| 5 | + - Added filesystem and files unconfined access to cf-monitord in cfengine-enterprise SELinux policy |
| 6 | + - Added getattr access for cf-serverd to socket file in CFEngine SELinux policy |
| 7 | + - Added getattr capability for cert_t:dir as needed to CFEngine components in cfengine-enterprise SELinux policy |
| 8 | + - Added sys_ptrace access for apachectl to run ps in CFEngine SELinux enterprise policy |
| 9 | + - Adjusted CFEngine SELinux policy to allow cf-execd to run ps command with policy version 33 |
| 10 | + - Adjusted SELinux policy to allow components which run cf-promises to getattr everywhere and read symlinks |
| 11 | + - Granted more access to certificates directory for CFEngine components in SELinux policy |
| 12 | + (ENT-12466) |
| 13 | + - Added logging CFEngine component related SELinux denials in cf-support |
| 14 | + (ENT-12137) |
| 15 | + - Added option to choose protocol version in cf-net (ENT-12519) |
| 16 | + - Adjusted cf-support for exotic UNIX platforms (ENT-9786) |
| 17 | + - Adjusted cf-support to not fail if core dumps are available and gdb is missing |
| 18 | + (ENT-9786) |
| 19 | + - Agent now also ignores interfaces listed in ignore_interfaces.rx when |
| 20 | + looking for IPv6 interface info. Variables such as |
| 21 | + 'default:sys.hardware_mac[<INTERFACE>]' will no longer be defined for |
| 22 | + ignored interfaces. |
| 23 | + (ENT-11840) |
| 24 | + - Atomic copy_from in files promise |
| 25 | + Changes to 'files' promise in 'copy_from' attribute: |
| 26 | + - The new file (i.e., '<FILENAME>.cfnew') is now created with correct |
| 27 | + permission during remote copy. Previously it would be created with |
| 28 | + default permissions. |
| 29 | + - The destination file (i.e., '<FILENAME>') is no longer deleted on |
| 30 | + backup during file copy. Previously it would be renamed to |
| 31 | + '<FILENAME>.cfsaved', causing the original file to dissappear. Now an |
| 32 | + actual copy of the original file with the same permissions is created |
| 33 | + instead. |
| 34 | + As a result, there will no longer be a brief moment where the original |
| 35 | + file is inaccessible. |
| 36 | + (ENT-11988) |
| 37 | + - File Stream API now unlinks before open with 'O_EXCL' |
| 38 | + The File Stream API now unlinks the destination file (i.e., |
| 39 | + '<FILENAME>.cfnew') before opening it with the 'O_EXCL' flag. Previously |
| 40 | + the agent would fail if the destination file already exists. |
| 41 | + Fortunately, the File Stream API unlinks this file afterwards, both on |
| 42 | + success and error, causing the agent to recover. Both the 'cf-net get |
| 43 | + <FILENAME>' command and the 'copy_from' attribute were affected. |
| 44 | + - File Stream API now writes sparse files (ENT-12414) |
| 45 | + - Fixed bug causing LMDB database corruption |
| 46 | + - Fixed possible segfault when backing up LMDB databases |
| 47 | + - Re-enabled DB migration support for LMDB |
| 48 | + - Now creates backup before LMDB migration |
| 49 | + - Handle LMDB migration failures |
| 50 | + - In case of LMDB migration failures, the respective database file is |
| 51 | + moved to the side, and a fresh database is created. |
| 52 | + - New network protocol version v4 - filestream (ENT-12414) |
| 53 | + - Now 'cf-net get' no longer unlinks original file (ENT-12511) |
| 54 | + - SELinux: Allow cf-serverd to set its own limits (ENT-12446) |
| 55 | + - commands promises with exit codes not matching any |
| 56 | + _returncodes attributes from classes body now log and |
| 57 | + error message not just an info message. (CFE-4429, ENT-12103) |
| 58 | + |
1 | 59 | 3.24.0: |
2 | 60 | - Added a sanity check to policy parser that checks for and warns |
3 | 61 | in case of promise declarations with no actions. The motivation |
|
857 | 915 | cf-check will include much more functionality in the future |
858 | 916 | and some of the code will be added to other binaries, |
859 | 917 | for example to do health checks of databases on startup. |
860 | | - Ticket: (ENT-4064) |
| 918 | + (ENT-4064) |
861 | 919 | - Added function string_replace. (CFE-2850) |
862 | 920 | - Allow dots in variable identifiers with no such bundle |
863 | 921 | As described and discussed in CFE-1915, defining remote variables |
|
0 commit comments