RATATOSKRATATOSK
ログイン

リリース

CNCF graduated・incubatingプロジェクトのリリースノートのAI分析。

2026年6月解除 ×

Dragonfly

Storage & Data2026年6月25日

日本語 準備中Dragonfly v2.5.0 is a feature release adding Hugging Face/ModelScope model downloads, a P2P injector webhook, download blocklisting, and broad rate limiting, alongside a breaking removal of deprecated V1 preheat API endpoints and health check consolidation to /healthy. It also ships numerous bug fixes and Nydus subproject improvements.

  • breakingV1 preheat API endpoints removed

    Applies unconditionally starting v2.5.0: the deprecated V1 preheat API endpoints have been removed. Any automation or integration still calling V1 preheat routes must migrate to the current preheat API before upgrading.

  • breakingHealth checks consolidated to /healthy

    Applies unconditionally starting v2.5.0: health checks are consolidated onto a single /healthy endpoint. Update load balancer, Kubernetes probe, and monitoring configs that point at old or multiple health check paths.

  • enhancementEmergency download blocklist

    Available now via Manager console: operators can configure a blocklist to disable specific downloads as an emergency brake. Blocked gRPC calls return PermissionDenied and blocked HTTP proxy calls return FORBIDDEN, useful for incident response.

  • enhancementRate limiting across gRPC and client paths

    Available now across Manager/Scheduler gRPC servers and clients: rate limiting covers bandwidth, upload/download requests, and adaptive limiting. Review limits before rollout to avoid unexpected throttling of legitimate traffic.

主な変更 (8)
  • Breaking: deprecated V1 preheat API endpoints removed and health checks consolidated to a single /healthy endpoint.
  • New: Dragonfly Client can download model repositories directly from Hugging Face and ModelScope, accelerating Git LFS data via P2P and fetching metadata over Git protocol.
  • New: dragonfly-injector Mutating Admission Webhook auto-injects P2P capability into Pods via annotation policies, with Helm chart support.
  • New: configurable blocklist in Manager console lets operators disable specific downloads as an emergency measure (gRPC returns PermissionDenied, HTTP proxy returns FORBIDDEN).
  • New: rate limiting added across Manager/Scheduler gRPC servers and client-side bandwidth/request handling to protect source services.
  • New: dfctl CLI for managing local storage tasks (list, remove, preheat) against the Scheduler; dfdaemon can now infer upstream registry from containerd's ns query parameter.
  • Performance and reliability: improved parent peer selection before scheduling, buffered file export/download writes, tuned gRPC stream buffers for large transfers, and HTTP backend fixes (HTTP/1.1, HEAD retry logic, stripped auth headers on cross-origin redirects, fixed relative 307 redirect caching).
  • Plus several smaller fixes: Redis Lua script argument order for peer TTL, PostgreSQL SERIAL sequence handling after seeding, ExternalRedis TLS support, and Nydus subproject updates (prefetch-optimized blobs, DAX backend support, several builder/image-detection bug fixes).
原文

Dragonfly

Storage & Data2026年6月25日

日本語 準備中v2.4.4 is a routine maintenance release for Dragonfly, fixing three scheduler bugs around peer concurrency, memory leaks, and register delay, alongside a batch of dependency bumps. No security fixes or operator-facing breaking changes are included.

主な変更 (5)
  • Scheduler fix removes a stale AnnouncePeer stream reference that was causing a transport memory leak
  • Scheduler now correctly enforces peer concurrency limits during preheat jobs
  • Scheduler skips the exponential backoff delay for super seed peers on register
  • Dependency bumps: containerd 1.7.32 to 1.7.33, go-redis/v9 9.19.0 to 9.21.0, mongo-driver 1.17.0 to 1.17.7, golang.org/x/crypto to 0.53.0, retry-go upgraded to v5, plus minor bumps to actions/checkout and gomega
  • Internal helper functions MustParseRange, ParseOneRange, and ParseURLMetaRange were removed as part of a code refactor (no external API impact)
原文

Vitess

Storage & Data2026年6月24日

日本語 準備中Vitess v24.0.2 is a patch release combining two security hardening fixes (gRPC auth timing, twopcz value escaping) with a broad set of bug fixes across backup/restore, VReplication, vtgate, VTOrc, and connection pooling. No breaking API or config changes are stated.

  • securityTwo security hardening fixes: gRPC auth timing, twopcz reflected values

    Fixes for a timing side-channel in the static gRPC auth plugin's password comparison and a reflected-value escaping gap in the twopcz handler. Both apply unconditionally; upgrade to v24.0.2 if you run gRPC static auth or expose the twopcz endpoint.

主な変更 (7)
  • servenv: static gRPC auth plugin now uses constant-time password comparison, closing a timing side-channel.
  • tabletserver: twopcz handler now escapes reflected form values, closing a reflected-injection gap.
  • smartconnpool: multiple fixes covering MaxLifetime jitter, refresh worker persistence after reopen, idle reopen stalls, close deadlocks, Setting preservation, and rejecting SetCapacity on a closed pool.
  • VTOrc: fixed a deadlock between PrimaryIsReadOnly recovery and PrimarySemiSyncBlocked, plus a gauge reset for resolved errant GTIDs.
  • VReplication/vtgate: fixed a vstream StopOnReshard hang on reshard convergence, stale healthcheck updates from replaced tablets, and DECIMAL JSON leading-zero handling in binlog decoding.
  • vtgate: Filter streaming path now uses ToBoolean() for correct results, and prepared statements in OLAP/streaming mode get specialized plans.
  • Plus about six smaller fixes: mysqlctl remote shutdown timeout propagation, backup lastErr clearing, keyspaceState leak in discovery, etcd2topo lock-cleanup RPC bounding, and vttablet Stream schema clobbering.
原文

Vitess

Storage & Data2026年6月24日

日本語 準備中v23.0.5 is a bug-fix rollup with two medium-severity security hardening fixes. Changes span connection pooling, query planning, VReplication, VTOrc, topology, and backup/restore, with no API, config, or default changes.

  • securityTiming-safe password comparison in static gRPC auth plugin

    The static gRPC auth plugin now uses constant-time comparison for passwords, closing a potential timing-based credential leak. Applies to all deployments using static gRPC authentication.

  • securityReflected-input escaping in twopcz handler

    The twopcz debug handler now escapes reflected form values, preventing reflected input injection. Applies to any deployment where the twopcz handler endpoint is reachable.

主な変更 (7)
  • Two medium-severity security fixes: constant-time password comparison in the static gRPC auth plugin and reflected-input escaping in the twopcz handler.
  • smartconnpool fixes several connection lifecycle bugs: expired waiters receiving returned connections, MaxLifetime jitter, refresh worker loss after reopen, idle reopen stalls, close deadlocks, and rejection of SetCapacity on a closed pool.
  • VTOrc resolves a data race in forgetAliases cache initialization, a deadlock between PrimaryIsReadOnly recovery and PrimarySemiSyncBlocked, and incorrect persistence of the CurrentErrantGTIDCount gauge after errant GTIDs are resolved.
  • VReplication binlog handling now correctly preserves leading zeroes and trims leading zeroes for DECIMAL JSON values (e.g. 0.1) that a prior fix missed.
  • VTGate planner corrects merged DML IN/NOT IN subquery substitution via ListArg placeholder; the Filter streaming path now uses ToBoolean() correctly and builds specialized plans for prepared statements in OLAP/streaming mode.
  • vstream StopOnReshard hang on reshard convergence is fixed; stale healthcheck updates from a replaced tablet's canceled connection check are dropped.
  • Additional fixes: mysqlctl remote shutdown timeout propagation, keyspaceState leak in Discovery, etcd2topo unbounded lock-acquisition cleanup RPCs, and vttablet Stream schema clobbering for non-keyspace fields.
原文

Rook

Storage & Data2026年6月16日

日本語 準備中Rook v1.20.1 is a patch release focused on Ceph operator stability: Ceph CSI driver compatibility, OSD major-version handling, and CSI-addons disabled by default to reduce unexpected behavior.

  • breakingCSI-addons disabled by default — check cluster dependencies

    CSI-addons (snapshot, clone, and expansion features) are now disabled by default in v1.20.1. If your workloads rely on these features, you must explicitly enable them in the Ceph cluster spec or your RWX volume snapshots and clones will fail. Review helm values and operator configs to enable addons before upgrade if needed.

  • enhancementUse node labels for OSD device class assignment instead of manual mapping

    Instead of hardcoding device class assignment per node, you can now use Kubernetes node labels (like `disk-type: ssd`) to automatically classify OSDs. This simplifies scaling clusters with mixed hardware. Apply node labels, then reference them in the Ceph cluster spec to avoid per-node configuration drift.

  • enhancementOSD require-osd-release is now enforced after major Ceph upgrades

    After a major Ceph version upgrade (e.g., Quincy to Reef), Rook now sets `require-osd-release` automatically to prevent old OSDs from rejoining before the cluster is ready. Before upgrade, ensure all OSDs can be updated together; if you have pinned some OSDs to an older version, they will be blocked from joining until unpinned.

主な変更 (5)
  • Helm chart now includes Rook-compatible Ceph CSI driver values for easier integration
  • OSD require-osd-release is enforced after Ceph major upgrades to prevent version mismatch issues
  • CSI-addons disabled by default to prevent unintended feature activation
  • Node labels can now be used for OSD device class assignment, replacing manual configuration
  • Stale MDS and RGW pod disruption budgets are cleaned up automatically to avoid blocking cluster operations
原文

Rook

Storage & Data2026年6月2日

日本語 準備中Rook v1.20 hands CSI driver management to the Ceph CSI operator — a breaking change for anyone with custom CSI config — while adding encrypted OSD resize, Vault Agent SSE-S3, and stabilizing concurrent cluster reconciliation.

  • breakingMigrate CSI config to Ceph-CSI operator before customizing anything

    Existing clusters will survive the upgrade with previously applied CSI settings, but any future CSI changes must go through the Ceph-CSI OperatorConfig and Driver CRs — not the Rook configmap. Helm users need the ceph-csi-drivers chart for operator settings (custom images stay in rook-ceph chart values). Audit your current CSI customizations now and plan the migration path before upgrading. Don't wait until you need to change a CSI setting post-upgrade to figure this out.

  • enhancementAudit CRUSH rules before upgrading if you rely on custom ones

    Rook now deletes unused CRUSH rules by default on mgr startup. If your environment has CRUSH rules that appear unused but are intentionally retained for failover or manual placement, set ROOK_DELETE_UNUSED_CRUSH_RULES=false in the operator config before upgrading. Losing custom CRUSH rules silently is the kind of thing that only hurts when you need them most.

  • enhancementEnable concurrent cluster reconciliation if running multiple Ceph clusters

    ROOK_RECONCILE_CONCURRENT_CLUSTERS is now marked stable after testing in prior releases. If you manage multiple CephCluster objects in one operator, enable this setting to reduce reconciliation bottlenecks. This is especially useful in multi-tenant or multi-cluster operator deployments where one slow cluster previously blocked others.

主な変更 (5)
  • Breaking: CSI settings removed from Rook operator configmap and Helm chart; new installs must use Ceph-CSI OperatorConfig and Driver CRs
  • Encrypted host-based OSDs now auto-expand when the underlying disk is resized (encryptedDevice: true, non-PVC clusters)
  • SSE-S3 server-side encryption now supports HashiCorp Vault Agent authentication for CephObjectStore
  • Concurrent cluster reconciliation (ROOK_RECONCILE_CONCURRENT_CLUSTERS) is now stable
  • Unused CRUSH rules deleted by default after mgr starts; set ROOK_DELETE_UNUSED_CRUSH_RULES=false to opt out
原文

Longhorn

Storage & Data2026年6月2日

日本語 準備中Longhorn v1.12.0 promotes the V2 Data Engine to GA, ships dual-stack/IPv6 support, and fixes critical instance-manager panics and replica scheduling bugs that caused cascading volume failures.

  • breakingMigrate V2 backing image volumes before upgrading

    Any V2 volume created from a backing image cannot be upgraded in-place. Before upgrading to v1.12.0, back up each affected volume, delete it, and restore from backup — the restored volume has no backing image dependency. Skipping this step will cause attach failures post-upgrade. Use CDI for future VM disk image imports.

  • breakingDetach V2 volumes before patch-level upgrades

    V2 volumes do not support live upgrades between v1.12.x patch releases. Plan maintenance windows to detach all V2 volumes before applying patch upgrades. Live upgrade across minor versions (v1.12 to v1.13) is planned but not yet available.

  • breakingEncrypted migratable volumes need engine image upgrade before live migration

    The LUKS2 header pre-allocation fix for encrypted volumes introduces a constraint: live migration of encrypted volumes requires engine image CLI API version 12 or later. Upgrade the engine image to v1.12.0+ before attempting live migration; otherwise migration will fail.

  • enhancementReview SPDK CPU allocation on existing V2 deployments

    The default CPU mask now uses 2 cores instead of 1. For clusters already running V2 volumes with a manually set single-core mask, consider increasing it — single-core configs under heavy I/O cause RPC starvation and operational instability. On ARM64 with NVMe-backed node disks, avoid multi-core SPDK configs for now and use AIO-backed disks until the stuck I/O bug is resolved.

  • enhancementEnable dual-stack networking — but verify node IP family ordering first

    Dual-stack Kubernetes clusters are now supported, but only when all nodes have IP families configured in the same order (all IPv4-first or all IPv6-first). Audit your node network configs before enabling. Mixed ordering causes replica-to-engine connectivity failures with no obvious error surface.

主な変更 (6)
  • V2 Data Engine reaches GA — but live upgrades between v1.12 patch releases require volume detach first; live upgrade support comes in v1.13
  • V2 Backing Images removed; migrate by backup/restore via CDI before upgrading or face volume attach failures
  • Default SPDK CPU mask changed from 1 core (0x1) to 2 cores (0x3) to prevent RPC starvation under heavy I/O
  • Topology-aware PV provisioning added via csi-allowed-topology-keys setting and strictTopology StorageClass parameter
  • CSIStorageCapacity bug fixed — compute-only nodes no longer report zero capacity and block WaitForFirstConsumer scheduling
  • Instance-manager panic during replica rebuild storms fixed, eliminating cascading volume detachments across PVCs
原文
月別に見る