Bug 1533849

[0.9.165] - 2018-06-21
Added

    Pcsd option to reject client initiated SSL/TLS renegotiation (rhbz#1566382)
    Commands for listing and testing watchdog devices (rhbz#1475318).
    Option for setting netmtu in pcs cluster setup command (rhbz#1535967)
    Validation for an unaccessible resource inside a bundle (rhbz#1462248)
    Options to display and filter failures by an operation and its interval in pcs resource failcount reset and pcs resource failcount show commands (rhbz#1427273)
    When starting a cluster, each node is now started with a small delay to help preventing JOIN flood in corosync (rhbz#1572886)

Fixed

    pcs cib-push diff-against= does not consider an empty diff as an error (ghpull#166)
    pcs resource update does not create an empty meta_attributes element any more (rhbz#1568353)
    pcs resource debug-* commands provide debug messages even with pacemaker-1.1.18 and newer (rhbz#1574898)
    pcs config no longer crashes when crm_mon prints anything to stderr (rhbz#1581150)
    Removing resources using web UI when the operation takes longer than expected (rhbz#1579911)
    Improve pcs quorum device add usage and man page (rhbz#1476862)
    pcs resource failcount show works correctly with pacemaker-1.1.18 and newer (rhbz#1588667)
    Do not lowercase node addresses in the pcs cluster auth command (rhbz#1590533)

Changed

    Watchdog devices are validated against a list provided by sbd (rhbz#1475318).

[0.9.164] - 2018-04-09
Security

    CVE-2018-1086: Debug parameter removal bypass, allowing information disclosure (rhbz#1557366)
    CVE-2018-1079: Privilege escalation via authorized user malicious REST call (rhbz#1550243)
    CVE-2018-1000119 rack-protection: Timing attack in authenticity_token.rb (rhbz#1534027)

[0.9.163] - 2018-02-20
Added

    Added pcs status booth as an alias to pcs booth status
    A warning is displayed in pcs status and a stonith device detail in web UI when a stonith device has its method option set to cycle (rhbz#1523378)

Fixed

    --skip-offline is no longer ignored in the pcs quorum device remove command
    pcs now waits up to 5 minutes (previously 10 seconds) for pcsd restart when synchronizing pcsd certificates
    Usage and man page now correctly state it is possible to enable or disable several stonith devices at once
    It is now possible to set the action option of stonith devices in web UI by using force (rhbz#1421702)
    Do not crash when --wait is used in pcs stonith create (rhbz#1522813)
    Nodes are now authenticated after running pcs cluster auth even if an existing corosync.conf defines no nodes (ghissue#153, rhbz#1517333)
    Pcs now properly exits with code 1 when an error occurs in pcs cluster node add-remote and pcs cluster node add-guest commands (rhbz#1464781)
    Fixed a crash in the pcs booth sync command (rhbz#1527530)
    Always replace the whole CIB instead of applying a diff when crm_feature_set <= 3.0.8 (rhbz#1488044)
    Fixed pcs cluster auth in a cluster when not authenticated and using a non-default port (rhbz#1415197)
    Fixed pcs cluster auth in a cluster when previously authenticated using a non-default port and reauthenticating using an implicit default port (rhbz#1415197)

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:3066