|
| 1 | +// Module included in the following assemblies: |
| 2 | +// |
| 3 | +// * migration_toolkit_for_containers/mtc-release-notes.adoc |
| 4 | +:_mod-docs-content-type: REFERENCE |
| 5 | +[id="migration-mtc-release-notes-1-8-3_{context}"] |
| 6 | += {mtc-full} 1.8.3 release notes |
| 7 | + |
| 8 | +[id=technical-changes-1-8-3_{context}] |
| 9 | +== Technical changes |
| 10 | + |
| 11 | +{mtc-full} ({mtc-short}) 1.8.3 has the following technical changes: |
| 12 | + |
| 13 | +.{oadp-short} 1.3 is now supported |
| 14 | + |
| 15 | +{mtc-short} 1.8.3 adds support to {oadp-first} as a dependency of {mtc-short} 1.8.z. |
| 16 | + |
| 17 | +[id="resolved-issues-1-8-3_{context}"] |
| 18 | +== Resolved issues |
| 19 | + |
| 20 | +This release has the following major resolved issues: |
| 21 | + |
| 22 | +.CVE-2024-24786: Flaw in Golang `protobuf` module causes `unmarshal` function to enter infinite loop |
| 23 | + |
| 24 | +In previous releases of {mtc-short}, a vulnerability was found in Golang's `protobuf` module, where the `unmarshal` function entered an infinite loop while processing certain invalid inputs. Consequently, an attacker provided carefully constructed invalid inputs, which caused the function to enter an infinite loop. |
| 25 | + |
| 26 | +With this update, the `unmarshal` function works as expected. |
| 27 | + |
| 28 | +For more information, see link:https://access.redhat.com/security/cve/CVE-2024-24786[CVE-2024-24786]. |
| 29 | + |
| 30 | +.CVE-2023-45857: Axios Cross-Site Request Forgery Vulnerability |
| 31 | + |
| 32 | +In previous releases of {mtc-short}, a vulnerability was discovered in Axios 1.5.1 that inadvertently revealed a confidential `XSRF-TOKEN` stored in cookies by including it in the HTTP header `X-XSRF-TOKEN` for every request made to the host, allowing attackers to view sensitive information. |
| 33 | + |
| 34 | +For more information, see link:https://access.redhat.com/security/cve/CVE-2023-45857[CVE-2023-45857]. |
| 35 | + |
| 36 | +.Restic backup does not work properly when the source workload is not quiesced |
| 37 | + |
| 38 | +In previous releases of {mtc-short}, some files did not migrate when deploying an application with a route. The Restic backup did not function as expected when the quiesce option was unchecked for the source workload. |
| 39 | + |
| 40 | +This issue has been resolved in {mtc-short} 1.8.3. |
| 41 | + |
| 42 | +For more information, see link:https://bugzilla.redhat.com/show_bug.cgi?id=2242064[BZ#2242064]. |
| 43 | + |
| 44 | +.The `Migration Controller` fails to install due to an unsupported value error in Velero |
| 45 | + |
| 46 | +The `MigrationController` failed to install due to an unsupported value error in Velero. Updating {oadp-short} 1.3.0 to {oadp-short} 1.3.1 resolves this problem. For more information, see link:https://bugzilla.redhat.com/show_bug.cgi?id=2267018[BZ#2267018]. |
| 47 | + |
| 48 | +This issue has been resolved in {mtc-short} 1.8.3. |
| 49 | + |
| 50 | +For a complete list of all resolved issues, see the list of link:https://issues.redhat.com/issues/?filter=12432429[{mtc-short} 1.8.3 resolved issues] in Jira. |
| 51 | + |
| 52 | +[id="known-issues-1-8-3_{context}"] |
| 53 | +== Known issues |
| 54 | + |
| 55 | +mtc-short has the following known issues: |
| 56 | + |
| 57 | +.The associated SCC for service account cannot be migrated in {OCP} 4.12 |
| 58 | + |
| 59 | +The associated Security Context Constraints (SCCs) for service accounts in {OCP} version 4.12 cannot be migrated. This issue is planned to be resolved in a future release of {mtc-short}. link:https://issues.redhat.com/browse/MIG-1454[(MIG-1454)]. |
| 60 | + |
| 61 | +For a complete list of all known issues, see the list of link:https://issues.redhat.com/issues/?filter=12429975[{mtc-short} 1.8.3 known issues] in Jira. |
0 commit comments