30 releases 74 tags

RSS feed

• v0.8.6 d94b086db3

  Compare

  Garage v0.8.6 Stable

  lx released this 2024-03-01 14:05:01 +00:00 | 625 commits to main since this release

  Signed by lx

  GPG key ID: 0E496D15096376BE

  Garage v0.8.6

  This minor release is a security release that fixes the following issues:

  • Fix timing side-channel vulnerability in admin/metrics token comparison and in AWS signature v4 verification (#737, backported in #740)

  • Ensure that the correct set of headers (in particular, x-amz-* headers) are included in signature calculation (#735, #745, backported in #744)

  Thanks to Radicallly Open Security for auditing the code and finding the timing side-channel vulnerabilities.

  Click here to get a binary release suited to your platform

  Downloads

  • Source code (ZIP)
    2 downloads
  • Source code (TAR.GZ)
    1 download