Hi folks,
The 2022.10 tag has been pushed to master on git.lavasoftware.org. .deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and are available from
and
https://hub.docker.com/u/lavasoftware
Changes in this release ==================
## New device-types
New supported devices:
* acer-R721T-grunt * k3-am625-sk * r8a77950-ulcb * sc7180-trogdor-kingoftown
## Security issue
A security issue as been discovered in LAVA. We advice LAVA admins to upgrade their instances.
## Django authentication
Fix two authorization issues for device (type) visibility
First one is on worker detail page while looking at transitions, a non-authorized user can see device transitions for devices he's not supposed to.
Second one is the device type health history; users are able to view the whole page they're not supposed to. Also on the same page, transitions are shown to non-authorized users.
## Use monotonic times
`time.time()` is affected by system time changes like daylight savings, leap seconds and clock drift.
Monotonic time will always move forward. lava-dispatcher is now using it to compute duration and timeouts.
Thanks
Hello,
Le mar. 11 oct. 2022 à 17:09, Remi Duraffort remi.duraffort@linaro.org a écrit :
Hi folks,
The 2022.10 tag has been pushed to master on git.lavasoftware.org. .deb packages have been built in GitLab CI and are published at
https://apt.lavasoftware.org/release
Docker images for amd64 and arm64 have been built in GitLab CI and are available from
and
https://hub.docker.com/u/lavasoftware
Changes in this release
## New device-types
New supported devices:
- acer-R721T-grunt
- k3-am625-sk
- r8a77950-ulcb
- sc7180-trogdor-kingoftown
## Security issue
A security issue as been discovered in LAVA. We advice LAVA admins to upgrade their instances.
A CVE has been granted. See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-42902
## Django authentication
Fix two authorization issues for device (type) visibility
First one is on worker detail page while looking at transitions, a non-authorized user can see device transitions for devices he's not supposed to.
Second one is the device type health history; users are able to view the whole page they're not supposed to. Also on the same page, transitions are shown to non-authorized users.
## Use monotonic times
`time.time()` is affected by system time changes like daylight savings, leap seconds and clock drift.
Monotonic time will always move forward. lava-dispatcher is now using it to compute duration and timeouts.
Thanks
-- Rémi Duraffort LAVA and Tux Architect Linaro
lava-announce@lists.lavasoftware.org
-
Remi Duraffort