RATATOSKRATATOSK
ログイン

リリース

CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。

2026年5月解除 ×

Rook

Storage & Data2026年5月27日

日本語 準備中Rook v1.19.6 is a targeted patch release addressing OSD device class handling, Prometheus metric labeling, and a network-layer dependency vulnerability. Mainly operational refinements for Ceph clusters already in production.

  • securityPatch golang.org/x/net vulnerability

    Rook v1.19.6 bumps golang.org/x/net twice (to fix govulncheck CI failures and address GO-2026-5026). If you run Rook in high-traffic environments or handle untrusted network input, review the golang.org/x/net advisory for the specific vulnerability. Upgrade to 1.19.6 to inherit the patched dependency, but do not delay if your Rook instance exposes networking logic to untrusted sources.

  • enhancementOSD device class detection fixed in raw-mode

    OSD device class handling now works correctly in raw-mode prepare and reconcile operations (#17407). If you use device classes to segregate fast (NVMe) from slow (HDD) storage, verify after upgrading that your OSD topology reflects the correct device classes. Check `ceph osd crush tree` and OSD weight distribution to ensure placement rules work as intended.

  • enhancementCluster label added to Prometheus metrics

    Prometheus scrape metrics now include a `cluster` label from upstream Ceph rules (#17544). If you aggregate Rook metrics across multiple Ceph clusters, this label addition improves metric cardinality and avoids collisions. Update any Prometheus rules, dashboards, or alerts that rely on the old label set; test in non-production first to catch any PromQL query breaks.

主な変更 (8)
  • Prometheus rules updated with upstream Ceph changes; cluster label added to all scraped metrics
  • OSD device class now honored in raw-mode prepare and reconcile operations
  • golang.org/x/net patched to fix network-layer vulnerability (GO-2026-5026)
  • Self-signed certificate creation retry logic added for wrapped context deadline errors
  • Node existence checks added to monitor health check iterations
  • Default ResourceRequirements added for cmd-reporter pod
  • Encryption label detection improved for dmcrypt paths
  • DNS policy corrected for rook-ceph-exporter
原文

Rook

Storage & Data2026年5月27日

日本語 準備中Rook v1.18.11 patches liveness probe stability, OSD disk handling, and CSI priority class assignment. No major breaking changes, but one CSI component fix may shift pod scheduling.

  • breakingCSI priority class name correction

    CSI provisioner and plugin priority class names were swapped in earlier v1.18.x releases (PR #17361). If you've set custom CSI priority classes, check your PVCs and plugin pods after upgrade — the correct priority class will now apply to the right component, potentially changing scheduling behavior for storage workloads.

  • enhancementFix liveness probe script formatting

    Rook v1.18.11 removes newlines from liveness probe scripts (PR #17420). If your Ceph cluster's liveness probes are flaky or generating spurious restarts, upgrade immediately — the whitespace issue could be interfering with probe output parsing. No breaking changes, but the fix eliminates a source of operational noise.

  • enhancementDisk zapping for forced OSD installation

    The disk zapping feature for forced OSD installation (PR #17533) gives you explicit control over device reuse. If you're adding storage to existing nodes or recovering failed OSD slots, update to v1.18.11 and review your OSD discovery workflow — you can now force installation on previously used disks without manual intervention.

主な変更 (5)
  • Disk zapping for forced OSD installation simplifies storage recovery
  • Liveness probe script newline fix reduces false pod restarts
  • CSI provisioner and plugin priority class names corrected
  • Go-jose library updated from 4.1.3 to 4.1.4
  • Out-of-date PgHealthyRegex documentation references fixed
原文

Harbor

Storage & Data2026年5月11日

日本語 準備中Harbor v2.14.4 is a patch release fixing session management bugs, scanner API issues, and DockerHub token auth, with Go 1.25.9 and dependency security bumps.

  • securityUpgrade immediately for go-jose and OTel SDK dependency fixes

    The go-jose/go-jose and go.opentelemetry.io/otel/sdk packages were explicitly bumped in this release, which typically signals CVE remediation. If your Harbor instance handles sensitive registry credentials or is exposed to external traffic, this patch should be prioritized. Plan an upgrade from v2.14.3 to v2.14.4 — it's a patch release with no breaking changes, so the risk of upgrading is low.

  • breakingSession behavior changes — test SSO and long-lived browser sessions before rollout

    Two session-related fixes land here: background polling no longer refreshes session TTL, and SessionRegenerate args/lifetime were corrected. If your users rely on the UI staying logged in while background tabs are open, their sessions will now expire as configured rather than being silently extended. Validate your session timeout settings in Harbor's config and communicate expected behavior changes to your users before upgrading in production.

  • enhancementDockerHub replication broken? This patch fixes the token auth flow

    If you've been seeing replication failures from DockerHub registries (especially after DockerHub API changes), the fix to use the /v2/auth/token endpoint should resolve them. After upgrading, verify your DockerHub replication rules by triggering a manual sync and checking the replication job logs. Also retest any distribution instance edits that involve credentials — a separate fix addresses a bug where editing a distribution instance without credentials caused issues.

主な変更 (5)
  • Session TTL fix: background polling no longer accidentally renews user sessions, preventing unintended session extension
  • SessionRegenerate save args and lifetime corrected — sessions were not being stored properly before this fix
  • DockerHub replication adapter now uses /v2/auth/token endpoint for bearer token retrieval, fixing broken hub pulls
  • Scanner API bug fixed — affects scanner integrations like Trivy configured through Harbor's API
  • Go runtime bumped to 1.25.9, base image updated to goharbor/photon:5.0, and go-jose/go-jose + OpenTelemetry SDK updated
原文

Vitess

Storage & Data2026年5月7日

日本語 準備中Vitess v24.0.1 is a focused patch release fixing a VTGate query planner bug with DML subqueries, reverting a problematic VTOrc flag, and resolving flaky VTTablet unit tests.

  • breakingRemove VTOrc --cells-to-watch flag if you added it

    The 'cells to watch' flag introduced in #19354 has been reverted. If you added this flag to your VTOrc configuration or startup scripts after upgrading to v24.0.0, remove it before upgrading to v24.0.1 — VTOrc will fail to start with an unrecognized flag error.

  • enhancementUpgrade if you use DML subqueries through VTGate

    A query planner bug affected IN/NOT IN subqueries inside DML statements (INSERT/UPDATE/DELETE). Merged subqueries weren't being substituted correctly via ListArg placeholders, which could produce wrong query behavior. If your application runs DML with subqueries routed through VTGate, this patch directly addresses that correctness issue — upgrade promptly.

主な変更 (4)
  • VTGate planner fix: DML IN/NOT IN subqueries now correctly use ListArg placeholders after merging — prevents potential query correctness issues
  • VTOrc reverted the 'cells to watch' flag (#19354) — if you applied that flag in v24.0.0, it's now gone and configs referencing it will need cleanup
  • VTTablet flaky unit tests fixed in go/mysql and vreplication — shared root cause addressed, improving CI reliability
  • vtcombo startup hang fixed — previously could block for up to 10 minutes if vtcombo exited during startup
原文

Vitess

Storage & Data2026年5月7日

日本語 準備中v23.0.4 is a stability-focused patch release fixing multiple panics in VTOrc, VTGate, and ERS, plus critical VReplication and routing rule bugs that could silently misdirect traffic.

  • securityGo upgraded to 1.25.9 — check your custom builds

    The Go runtime was bumped from 1.25.8 to 1.25.9 within this release cycle. If you build Vitess from source or maintain custom images, rebuild against go1.25.9 to pick up any runtime-level fixes included in that Go patch release.

  • breakingUpgrade immediately if you use ERS or semi-sync replication

    Three separate ERS bugs were fixed: nil pointer panics during errant GTID detection, broken cancellation logic, and IO threads not restarting on replicas after ERS failure. Any of these can leave your cluster in a degraded state after a failover. If you run semi-sync with VTOrc, the ReplicationStopped + PrimarySemiSyncBlocked deadlock fix is equally critical — it could stall recovery entirely. Upgrade before your next planned maintenance window at the latest.

  • enhancementRouting rule and schema-tracker fix affects multi-keyspace setups

    VTGate was not rebuilding routing rules after schema-tracker updates, and was dropping the target keyspace during routing rule AST rewrites. Both are silent bugs — queries appear to work but may land on the wrong keyspace. If you use routing rules with multiple keyspaces, validate query routing behavior after upgrading to confirm traffic is going where you expect.

主な変更 (5)
  • Fixed panic in VTOrc when handling ReplicationStopped + PrimarySemiSyncBlocked recovery simultaneously — a deadlock risk in HA scenarios
  • EmergencyReparentShard (ERS) fixes: nil pointer panic in errant GTID detection, broken cancellation in reparentReplicas(), and IO thread restart failures after ERS failure
  • VTGate: routing rules now correctly rebuild after schema-tracker updates, and target keyspace is preserved when routing rules rewrite table AST — both are silent correctness bugs
  • VTGate: buffer no longer restarts after shutdown, preventing potential connection storms during controlled restarts
  • Go runtime upgraded to go1.25.9, and vitessdriver now correctly returns string for binary result values (regression fix)
原文

Harbor

Storage & Data2026年5月6日

日本語 準備中Harbor v2.15.1 is a patch release focused on CVE fixes, security hardening, and several behavioral bug fixes including proxy cache, session management, and GC credential leak.

  • securityRedeploy now to stop Redis credentials leaking from GC job metadata

    Before this fix, the GC job stored the Redis URL (including credentials) in its extra attributes, which are accessible via the Harbor API and potentially logged. If you run GC jobs and have Redis auth configured, treat any previously captured GC job metadata as potentially containing plaintext credentials. Rotate Redis passwords and upgrade to v2.15.1 promptly.

  • securityCVE patches in base image — upgrade before your next scan cycle

    The Photon base image was updated specifically to address CVEs, then stabilized on photon:5.0. If you're running v2.15.0 in a security-conscious environment, your vulnerability scanner will likely flag the older image. Upgrade to v2.15.1 to clear those findings before they become audit issues.

  • enhancementSession behavior change: idle timeouts will now work as configured

    Background polling in the UI was silently keeping sessions alive indefinitely by resetting the TTL on every poll cycle. After this fix, sessions will actually expire when users are idle. If your org relies on session timeouts for compliance, this fix makes them effective. Warn users they may now be logged out after inactivity — this is correct behavior, not a regression.

主な変更 (5)
  • Photon base image updated to fix CVEs; base image reverted to goharbor/photon:5.0
  • GC job now redacts Redis URL credentials from extra attributes — previously these could be exposed in logs or API responses
  • Background UI polling no longer renews session TTL, preventing phantom session extensions
  • DockerHub adapter now correctly calls /v2/auth/token for bearer token acquisition
  • go-jose and OpenTelemetry SDK dependencies bumped; Go runtime updated to 1.23.9
原文

Longhorn

Storage & Data2026年5月5日

日本語 準備中Longhorn v1.11.2 is a stability-focused patch fixing CSI scheduling breakage in compute/storage split architectures, infinite replica scheduling loops, and memory bloat in longhorn-manager.

  • breakingFix CSI scheduling in compute/storage split clusters — action required

    If you run a dedicated compute/storage node architecture and use WaitForFirstConsumer PVCs, your pods may have been stuck pending due to compute nodes reporting 0 CSI capacity. Upgrade to v1.11.2 and configure the new CSIStorageCapacity setting to prevent capacity reporting on non-storage nodes. Check your Longhorn settings after upgrade and validate that pending PVCs now schedule correctly.

  • breakingReplica Auto-Balance infinite loop — upgrade if you use Auto-Balance

    A bug caused Replica Auto-Balance to enter an infinite scheduling loop, which wastes CPU and can destabilize volume operations. If Auto-Balance is enabled in your cluster, this is a strong reason to prioritize this patch. No config change needed after upgrade — the fix is in the reconciliation logic.

  • enhancementMemory savings in longhorn-manager — relevant for large clusters

    Informer caching for longhorn-manager has been optimized to reduce cluster-wide memory consumption. In large clusters with many nodes and volumes, this can meaningfully reduce the manager pod's footprint. No action required beyond upgrading, but worth monitoring memory usage before and after to quantify the improvement in your environment.

主な変更 (5)
  • New setting to control CSIStorageCapacity reporting — fixes WaitForFirstConsumer scheduling failures on compute nodes without Longhorn disks
  • Replica Auto-Balance infinite scheduling loop bug fixed, which could cause runaway reconciliation
  • Replica rebuild progress capped at 100% — cosmetic but caused confusion under flaky network conditions
  • longhorn-manager memory reduced via optimized cluster-wide informer caching
  • Node exhaustion from backup inspect buildup under NFS latency conditions resolved
原文
月別に見る