tag name | v0.8.6 (3c77659a3d73479d109d454e0388d4418dabe194) |
tag date | 2024-03-01 15:05:01 +0100 |
tagged by | Alex Auvolat <alex@adnab.me> |
tagged object | commit d94b086db3... |
download | garage-0.8.6.tar.gz garage-0.8.6.zip |
Garage v0.8.6
This minor release is a security release that fixes the following issues:
- Fix timing side-channel vulnerability in admin/metrics token
comparison and in AWS signature v4 verification (#737, backported in
#740)
- Ensure that the correct set of headers (in particular, `x-amz-*`
headers) are included in signature calculation (#735, #745, backported
in #744)
Thanks to Radically Open Security for auditing the code and finding the
timing side-channel vulnerabilities.
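The two classes of issue named in the tag message, shown as an added Rust example that is not Garage's code and not part of the release notes: a token comparison with no early exit, and a check that a request's `SignedHeaders` list covers what must be signed. The function names and sample values are hypothetical, and the check assumes the SigV4 rule that `host` and every `x-amz-*` header present in the request must be signed.

```rust
// Added illustration, not Garage's code; all names are hypothetical.

/// Compare two byte strings without an early exit: every byte is examined
/// wherever the first mismatch is, so the running time does not reveal how
/// long a correct prefix the caller supplied. The length check is not
/// constant-time (length is treated as non-secret). An optimizer can in
/// principle undermine hand-written code like this; production code should
/// prefer a vetted implementation such as the `subtle` crate.
fn ct_eq(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff = 0u8;
    for (x, y) in a.iter().zip(b.iter()) {
        diff |= x ^ y; // accumulate differences instead of returning early
    }
    diff == 0
}

/// Return the headers the request carries that must be covered by the
/// signature (`host` and every `x-amz-*`) but are absent from the
/// semicolon-separated `SignedHeaders` list. A non-empty result means the
/// request should be rejected before any signature is computed.
fn unsigned_required_headers(request_headers: &[&str], signed_headers: &str) -> Vec<String> {
    let signed: Vec<String> = signed_headers
        .split(';')
        .map(|h| h.trim().to_ascii_lowercase())
        .collect();
    let mut missing: Vec<String> = request_headers
        .iter()
        .map(|h| h.to_ascii_lowercase())
        .filter(|h| h == "host" || h.starts_with("x-amz-"))
        .filter(|h| !signed.contains(h))
        .collect();
    missing.sort();
    missing.dedup();
    missing
}

fn main() {
    // Constructed sample values, not taken from any real deployment.
    let configured = b"example-admin-token";
    println!("token ok: {}", ct_eq(b"example-admin-token", configured));
    let req = ["Host", "X-Amz-Date", "X-Amz-Content-Sha256", "X-Amz-Acl", "Content-Type"];
    let missing = unsigned_required_headers(&req, "host;x-amz-content-sha256;x-amz-date");
    println!("present but unsigned: {:?}", missing);
}
```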