# Release notes for Gluster 5.1

This is a bugfix release. The release notes for [5.0](5.0.md) contains a listing of
all the new features that were added and bugs fixed in the GlusterFS 5 stable
release.

**NOTE:** Next minor release tentative date: Week of 10th December, 2018

## Major changes, features and limitations addressed in this release

This release contains fixes for several security vulnerabilities in Gluster as
follows,
- https://nvd.nist.gov/vuln/detail/CVE-2018-14651
- https://nvd.nist.gov/vuln/detail/CVE-2018-14652
- https://nvd.nist.gov/vuln/detail/CVE-2018-14653
- https://nvd.nist.gov/vuln/detail/CVE-2018-14654
- https://nvd.nist.gov/vuln/detail/CVE-2018-14659
- https://nvd.nist.gov/vuln/detail/CVE-2018-14660
- https://nvd.nist.gov/vuln/detail/CVE-2018-14661

## Major issues

**None**

## Bugs addressed

Bugs addressed since release-5.0 are listed below.

- [#1641429](https://bugzilla.redhat.com/1641429): Gfid mismatch seen on shards when lookup and mknod are in progress at the same time
- [#1641440](https://bugzilla.redhat.com/1641440): [ovirt-gluster] Mount hung and not accessible
- [#1641872](https://bugzilla.redhat.com/1641872): Spurious failures in bug-1637802-arbiter-stale-data-heal-lock.t
- [#1643078](https://bugzilla.redhat.com/1643078): tests/bugs/glusterd/optimized-basic-testcases-in-cluster.t failing
- [#1643402](https://bugzilla.redhat.com/1643402): [Geo-Replication] Geo-rep faulty sesion  because of the directories are not synced to slave.
- [#1644158](https://bugzilla.redhat.com/1644158): geo-rep: geo-replication gets stuck after file rename and gfid conflict
- [#1644161](https://bugzilla.redhat.com/1644161): cliutils: geo-rep cliutils' usage of Popen is not python3 compatible
- [#1644314](https://bugzilla.redhat.com/1644314): build/packaging: el-X (x > 7) isms
- [#1644514](https://bugzilla.redhat.com/1644514): geo-rep: On gluster command failure on slave, worker crashes with python3
- [#1644515](https://bugzilla.redhat.com/1644515): geo-rep: gluster-mountbroker status crashes
- [#1644526](https://bugzilla.redhat.com/1644526): Excessive logging in posix_update_utime_in_mdata
- [#1644622](https://bugzilla.redhat.com/1644622): [Stress] : Mismatching iatt in glustershd logs during MTSH and continous IO from Ganesha mounts
- [#1644645](https://bugzilla.redhat.com/1644645): [AFR] : Start crawling indices and healing only if both data bricks are UP in replica 2 (thin-arbiter)
- [#1646204](https://bugzilla.redhat.com/1646204): CVE-2018-14654 glusterfs: "features/index" translator can create arbitrary, empty files [fedora-all]
- [#1646896](https://bugzilla.redhat.com/1646896): [Geo-Replication] Geo-rep faulty sesion  because of the directories are not synced to slave.
- [#1647663](https://bugzilla.redhat.com/1647663): CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all]
- [#1647664](https://bugzilla.redhat.com/1647664): CVE-2018-14653 glusterfs: Heap-based buffer overflow via "gf_getspec_req" RPC message [fedora-all]
- [#1647665](https://bugzilla.redhat.com/1647665): CVE-2018-14659 glusterfs: Unlimited file creation via "GF_XATTR_IOSTATS_DUMP_KEY" xattr allows for denial of service [fedora-all]
- [#1647666](https://bugzilla.redhat.com/1647666): CVE-2018-14661 glusterfs: features/locks translator passes an user-controlled string to snprintf without a proper format string resulting in a denial of service [fedora-all]
- [#1647801](https://bugzilla.redhat.com/1647801): can't enable shared-storage
- [#1647962](https://bugzilla.redhat.com/1647962): CVE-2018-14660 glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion [fedora-all]
- [#1647968](https://bugzilla.redhat.com/1647968): Seeing defunt translator and discrepancy  in volume info when issued from node which doesn't host bricks in that volume
- [#1648923](https://bugzilla.redhat.com/1648923): gfapi: fix bad dict setting of lease-id