Difference between revisions of "Security Updates"

From OSNEXUS Online Documentation Site
m (Linux Base OS Security Fixes / Notifications)
m (Linux Base OS Security Fixes / Notifications)
Line 13: Line 13:
 
== Linux Base OS Security Fixes / Notifications ==
 
== Linux Base OS Security Fixes / Notifications ==
  
Security notifications for QuantaStor base OS packages are now available at the OSNEXUS Security Notices site [http://services.osnexus.com/security/|here]
+
Security notifications for QuantaStor base OS packages are now available at the OSNEXUS Security Notices site [http://services.osnexus.com/security here]
  
 
== Core Product Security Updates ==
 
== Core Product Security Updates ==
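Review bot: on the + line, the corrected link to the OSNEXUS Security Notices site is still plain http://services.osnexus.com/security. This is the page administrators are sent to for security notifications, so if the site also serves https, link the https:// URL here so that the notices cannot be altered in transit. The syntax fix itself (a space instead of "/|" before the link label) looks right.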

Revision as of 14:16, 26 August 2015

QuantaStor uses the Ubuntu Server LTS Linux distribution as its base OS. QuantaStor also uses the security patches packaged by Canonical so that customers can patch the various parts of the operating system and keep the system secure and stable.

QuantaStor 3.x Security Notifications

On this page we maintain a summary of all security-related product changes made to QuantaStor, and we post specific notices about Linux security issues that affect packages distributed with QuantaStor, such as the openssl libraries.

For details on all the latest security notifications for the Ubuntu LTS release used by QuantaStor, please see (http://www.ubuntu.com/usn/precise/). We recommend that appliance administrators periodically audit their systems and install any and all security updates. It is highly recommended that systems are updated to the latest patches before being initially deployed. To apply the latest updates, including security updates, log in to the system with the administrator 'qadmin' account and run the following commands:

sudo apt-get update
sudo apt-get upgrade
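
One way to do the periodic audit recommended above before applying anything, as an added example (not OSNEXUS code): a shell function that reads the dry-run output of `apt-get -s upgrade` and lists only the packages that would come from a `-security` archive. The function name, the sample output and its package versions are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of QuantaStor. On a live system (after
# "sudo apt-get update") the input would come from the dry run:
#   apt-get -s upgrade | pending_security_updates

# Constructed sample of "apt-get -s upgrade" output (versions are made up).
SAMPLE_SIMULATION='Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libssl1.0.0 openssl tzdata
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl1.0.0 [1.0-1] (1.0-2 Ubuntu:12.04/precise-security [amd64])
Inst openssl [1.0-1] (1.0-2 Ubuntu:12.04/precise-security, Ubuntu:12.04/precise-updates [amd64])
Inst tzdata [1.0-1] (1.0-2 Ubuntu:12.04/precise-updates [all])
Conf libssl1.0.0 (1.0-2 Ubuntu:12.04/precise-security [amd64])
Conf openssl (1.0-2 Ubuntu:12.04/precise-security, Ubuntu:12.04/precise-updates [amd64])
Conf tzdata (1.0-2 Ubuntu:12.04/precise-updates [all])'

# Reads simulated upgrade output on stdin and prints one line per pending
# security update: "package installed-version -> candidate-version".
pending_security_updates() {
  awk '
    $1 == "Inst" {
      pkg = $2; old = "(none)"; new = ""; sec = 0
      for (i = 3; i <= NF; i++) {
        if (new == "" && $i ~ /^\[/) {
          # [installed-version] is absent for newly installed packages
          old = substr($i, 2, length($i) - 2)
        } else if (new == "" && $i ~ /^\(/) {
          # (candidate-version opens the parenthesised group
          new = substr($i, 2)
        } else if (new != "" && $i ~ /-security[,)]?$/) {
          # an origin such as Ubuntu:12.04/precise-security
          sec = 1
        }
      }
      if (sec) print pkg, old, "->", new
    }'
}

# Demonstration on the constructed sample: lists libssl1.0.0 and openssl.
printf '%s\n' "$SAMPLE_SIMULATION" | pending_security_updates
```

Matching on the archive name inside the parentheses, not on the whole line, keeps a package whose own name happens to end in "-security" from being counted.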

Linux Base OS Security Fixes / Notifications

Security notifications for QuantaStor base OS packages are now available at the OSNEXUS Security Notices site (http://services.osnexus.com/security).

Core Product Security Updates

QuantaStor 3.15.1 (May 28th 2015)

  • adds firewall support for disabling access to unused storage services
  • fix to support creation of roles with no permissions

QuantaStor 3.15.0 (May 1st 2015)

  • adds support for customizing the pem files for all services (core qs_service, REST service, and Tomcat)
  • adds support for customizing the SSL ciphers, applies strong cipher limits automatically
  • adds SSL cert generation script which deposits custom certs into /var/opt/osnexus/quantastor/ssl which are automatically picked up by REST and core services
  • adds script command to upgrade from Java 6 to Java 7 (qs-util java7upgrade), which allows browsers to connect via https using stronger ciphers / TLS 1.2
  • fix to disable all use of SSLv3 across all internal services (Core service, Tomcat, REST API service) in favor of TLS for improved security / HIPAA compliance
  • fix to allow removal of duplicate 'admin' users
  • fix to remove duplicate user entries in Samba config when user assigned as 'Admin' on a share
  • fix to password length enforcement (8-34 char)

QuantaStor 3.12.2 (July 22nd 2014)

  • fix to set password error message to show 8 to 40 characters required
  • fix to update user password changes to all grid nodes

QuantaStor 3.12.0 (June 27th 2014)

  • adds new https keystore for web management interface (be sure to clear your browser cache)
  • adds secure mode 'qs-util disablehttp' to enable/disable http access (port 80) to force admins to use https for web management
  • fix to core service to allow for changing openssl pem files

QuantaStor 3.9.3 (March 7th 2014)

  • fix to AD domain leave operation to remove AD computer entry