Bug 2059501

Summary: pcs rebase bz for 9.1
Product: Red Hat Enterprise Linux 9
Component: pcs
Version: 9.1
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: high
Priority: high
Target Milestone: rc
Target Release: 9.1
Reporter: Tomas Jelinek <tojeline>
Assignee: Tomas Jelinek <tojeline>
QA Contact: cluster-qe <cluster-qe>
CC: cluster-maint, idevat, mlisik, mmazoure, mpospisi, nhostako, omular, slevine, tojeline
Keywords: Rebase, Triaged
Fixed In Version: pcs-0.11.3-1.el9
Doc Type: No Doc Update
Type: Bug
Last Closed: 2022-11-15 09:49:09 UTC

Description Tomas Jelinek 2022-03-01 08:26:10 UTC
pcs rebase bz for 9.1

Comment 1 Miroslav Lisik 2022-05-26 11:26:00 UTC
Changes in 0.11.2:

### Fixed
- Pcs was not automatically enabling corosync-qdevice when adding a quorum
  device to a cluster (broken since pcs-0.10.9) ([rhbz#2028902])
- `resource update` command exiting with a traceback when updating a resource
  with a non-existing resource agent ([rhbz#2019836])
- pcs\_snmp\_agent is working again (broken since pcs-0.10.1) ([ghpull#431])
- Skip checking of scsi devices to be removed before unfencing to be added
  devices ([rhbz#2033248])
- Make `ocf:linbit:drbd` agent pass OCF standard validation ([ghissue#441],
  [rhbz#2036633])
- Multiple improvements of `pcs resource move` command ([rhbz#1996062])
- Pcs no longer creates Pacemaker-1.x CIB when `-f` is used, so running `pcs
  cluster cib-upgrade` manually is not needed ([rhbz#2022463])

### Deprecated
- Usage of `pcs resource` commands for stonith resources and vice versa
  ([rhbz#1301204])



Preliminary changelog:

### Security
- CVE-2022-1049: Pcs daemon was allowing expired accounts, and accounts with
  expired passwords to login when using PAM auth. ([huntr#220307],
  [rhbz#2068457])

### Added
- Add support for fence\_mpath to `pcs stonith update-scsi-devices` command
  ([rhbz#2024522])
- Support for cluster UUIDs. New clusters now get a UUID during setup. Existing
  clusters can get a UUID by running the new `pcs cluster config uuid generate`
  command ([rhbz#2054671])
- Add warning regarding move constraints to `pcs status` ([rhbz#2058247])
- Support for output formats `json` and `cmd` to `pcs resource config` and `pcs
  stonith config` commands ([rhbz#2058251], [rhbz#2058252])

### Fixed
- Booth ticket name validation ([rhbz#2053177])
- Adding booth ticket doesn't report 'mode' as an unknown option anymore
  ([rhbz#2058243])
- Preventing fence-loop caused when stonith-watchdog-timeout is set
  with wrong value ([rhbz#2058246])

Comment 6 Miroslav Lisik 2022-06-24 13:35:03 UTC
Changes in 0.11.3:

### Security
- CVE-2022-1049: Pcs daemon was allowing expired accounts, and accounts with
  expired passwords to login when using PAM auth. ([huntr#220307],
  [rhbz#2068457])
- Pcsd does not expose the server name in HTTP headers anymore ([rhbz#2059122])
- Set `Strict-Transport-Security: max-age=63072000` HTTP header for all
  responses ([rhbz#2097731])
- Set HTTP headers to prevent caching everything except static files
  ([rhbz#2097733])
- Set HTTP headers to prevent sending referrer ([rhbz#2097732])
- Set cookie option SameSite to Lax ([rhbz#2097730])
- Set `Content-Security-Policy: frame-ancestors 'self'; default-src 'self'`
  HTTP header for all responses ([rhbz#2097778])

### Added
- Add support for fence\_mpath to `pcs stonith update-scsi-devices` command
  ([rhbz#2024522])
- Support for cluster UUIDs. New clusters now get a UUID during setup. Existing
  clusters can get a UUID by running the new `pcs cluster config uuid generate`
  command ([rhbz#2054671])
- Add warning regarding move constraints to `pcs status` ([rhbz#2058247])
- Support for output formats `json` and `cmd` to `pcs resource config` and `pcs
  stonith config` commands ([rhbz#2058251], [rhbz#2058252])

### Fixed
- Booth ticket name validation ([rhbz#2053177])
- Adding booth ticket doesn't report 'mode' as an unknown option anymore
  ([rhbz#2058243])
- Preventing fence-loop caused when stonith-watchdog-timeout is set
  with wrong value ([rhbz#2058246])
- Do not allow to create an order constraint for resources in one group as that
  may block Pacemaker ([ghpull#509])
- `pcs quorum device remove` works again ([rhbz#2095695])
- Fixed description of full permission ([rhbz#2059177])
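
An added check, not part of this bug report or of the pcs project: it audits a raw HTTP response head against the header hardening listed under "Security" in the 0.11.3 changelog above. The sample responses are constructed, and the header names and values used for the caching and referrer items (`Cache-Control`, `Referrer-Policy: no-referrer`) are assumptions, since the changelog states only the intent.

```python
# Constructed sample responses (not captured from a real pcsd instance).
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=63072000\r\n"
    "Content-Security-Policy: frame-ancestors 'self'; default-src 'self'\r\n"
    "Cache-Control: no-store, no-cache\r\n"   # assumed header/value
    "Referrer-Policy: no-referrer\r\n"        # assumed header/value
    "Set-Cookie: session=abc123; Secure; HttpOnly; SameSite=Lax\r\n\r\n"
)
LEGACY = (
    "HTTP/1.1 200 OK\r\n"
    "Server: ExampleServer/1.0\r\n"
    "Set-Cookie: session=abc123; Secure; HttpOnly\r\n\r\n"
)

def parse_head(raw):
    """Map lower-cased header names to the list of their values."""
    headers = {}
    for line in raw.split("\r\n")[1:]:      # skip the status line
        if not line:                        # blank line ends the head
            break
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def parts(value, sep):
    """Split a header value into a set of lower-cased, trimmed tokens."""
    return {p.strip().lower() for p in value.split(sep) if p.strip()}

def audit(raw, static=False):
    """Return findings; static=True skips the no-cache check (static files)."""
    h = parse_head(raw)
    first = lambda name: h.get(name, [""])[0]
    findings = []
    if "server" in h:
        findings.append("server: header exposes the server name")
    if "max-age=63072000" not in parts(first("strict-transport-security"), ";"):
        findings.append("strict-transport-security: max-age=63072000 missing")
    for want in ("frame-ancestors 'self'", "default-src 'self'"):
        if want not in parts(first("content-security-policy"), ";"):
            findings.append("content-security-policy: %s missing" % want)
    if not static and not parts(first("cache-control"), ",") & {"no-store", "no-cache"}:
        findings.append("cache-control: response may be cached")
    if first("referrer-policy").lower() != "no-referrer":
        findings.append("referrer-policy: referrer may be sent")
    for cookie in h.get("set-cookie", []):
        if "samesite=lax" not in parts(cookie, ";"):
            findings.append("set-cookie: SameSite=Lax missing on " + cookie.split("=")[0])
    return findings
```

`audit(HARDENED)` returns an empty list, while `audit(LEGACY)` returns one finding per changelog item the response fails to meet.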

Comment 11 errata-xmlrpc 2022-11-15 09:49:09 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: pcs security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2022:7935