Changelog

Version 23.09-SP2-248

VPSA Storage Array / VPSA Flash Array

• ZSTRG-28238 - VPSA version 23.03-SP2 introduces significant improvements in the failover time, further improving the efficiency and transparency of VPSA Engine upgrade, software upgrade and scheduled failover for VPSA server clients. This enhancement will be visible to server clients after the VPSA has been fully upgraded to 23.09-SP2.

• ZSTRG-27428 - Interoperability (VMware ESXi v8): Renewed official support for VPSA with FC connectivity

• ZSTRG-30033 - Fixed an issue in the server’s automatic connection script that caused an error during execution on RHEL

• ZSTRG-30020 - For RAID groups, the VPSA will set the maximum sync speed based on the media type (HDD or SSD)

• ZSTRG-28463 - Added the VPSA description to the main dashboard information tile

Object Storage

• ZSTRG-29616 - Fixed an issue where the Object Storage was stuck in the “Rebalancing” state

• ZSTRG-29485 - Fixed an issue where VHS mode couldn’t be enabled after being disabled

• ZSTRG-28113 - Scaling enhancements for OLCP (Object Life Cycle Policy) to support expiration rules for large-scale containers

• ZSTRG-28961 - Fixed an issue where renaming an object failed when using the CyberDuck client

• ZSTRG-28941 - Fixed an issue where deleting a large object from the management console did not delete the underlying segments

• ZSTRG-28931 - Added the expiration timestamp response for OLCP enabled containers’ PUT requests (S3 API)

• ZSTRG-28395 - Fixed an issue where a Static Website returned a 500 error instead of a 40X error

• ZSTRG-28449 - Fixed an issue when using temporary URLs for large objects (Swift API)

• ZSTRG-28857 - Fixed an issue where querying the accounts API returned an incorrect account count

• ZSTRG-28463 - Added the Object Storage description to the main dashboard information tile

• ZSTRG-28401 - Fixed an issue where account capacity usage is presented incorrectly

• ZSTRG-28188 - Fixed a Proxy server issue where an incomplete PUT, terminated prematurely by the client, was not handled as expected by the Proxy, leading to high memory utilization.

• ZSTRG-28186 - Fixed an issue with account custom reporting where the usage was calculated for a fixed 30-day period

Command Center

• ZSTRG-29814 - Fixed an issue where setting Active Directory connectivity was not successful while using a Firefox browser

• ZSTRG-29530 - Fixed an issue where trying to set a custom logo was not working as expected

• ZSTRG-29387 - Fixed an issue where the Object Storage view was returning an error

• ZSTRG-28637 - Fixed an issue where the displayed timezone did not match the cloud’s configured timezone

Provisioning Portal

• ZSTRG-29964 - Fixed an issue in the VPSA creation wizard where some of the extended cache options were not displayed

• ZSTRG-28989 - Add the ability to hide Object Storage for a new service offering

Security

Version 23.09-SP2 introduces a range of security fixes and enhancements across the entire zStorage product line.

Notable updates include the mitigation of the following CVEs:

• CVE-2024-38428

• CVE-2024-1013

• CVE-2024-6345

• CVE-2024-3651

Version 23.09-SP1-317

Command Center

• ZSTRG-28683 - Increase Cloud Control allowed IP from 50 to 256 IP entries

Version 23.09-SP1-309

Object Storage

• ZSTRG-23790 - Added Object Life Cycle support (including S3 API support)

• ZSTRG-26582 - Added S3API CORS support

• ZSTRG-27854 - Adjust container permissions cache to 60 seconds. With this change, both Container and Account ACL cache duration are 60 seconds

• ZSTRG-27300 - Improved responsiveness of the Object Storage management console, particularly when handling multiple user requests, has been implemented to address slow UI performance

• ZSTRG-28020 - Usage reports generator can now produce reports for the last two calendar months

• ZSTRG-28211 - Fixed an issue where a disabled account user could still access the system

• ZSTRG-27872 - Fixed an issue where an object that contains a comma (,) in its name couldn’t be deleted from the console

• ZSTRG-27379 - Fixed an issue where the capacity dashboard graph doesn’t reflect the actual capacity

• ZSTRG-26953 - Fixed an issue where the diagnostic reachability test failed for the Public IP as the source interface

VPSA Storage Array / VPSA Flash Array

• ZSTRG-27217 - Added support for VMware’s Extended-XCOPY API to allow Storage vMotion across two storage array. Users who wish to leverage this capability, please contact support@zadara.com

• ZSTRG-28029 - Improved failover experience for VPSAs with block volumes consumers

• ZSTRG-27898 - Adjusted the demote rate from the VPSA performance SSD tier to the capacity tier in an All Flash Array to avoid high SSD tier usage

• ZSTRG-27539 - (VPSA Storage Array) New encrypted volumes will use a new encryption cipher which improves performance. There is no impact on existing VPSA volumes and VPSA Flash Array

• ZSTRG-27321 - Enhanced stability for RAID protection

• ZSTRG-28300, ZSTRG-28216 - Fixed an issue where internal API timeout can lead to a controller failover

• ZSTRG-27875 - Fixed an issue where VPSA Flash Array went into Lock-Down state

• ZSTRG-26953 - Fixed an issue where diagnostic reachability test failed for Public IP as the source interface

Command Center

• ZSTRG-27886 - Fixed an issue where user with a RO permissions couldn’t get the Storage Node CPU information

• ZSTRG-27547 - RestAPI - Fixed an issue where used capacity per VPSA was not returned correctly

Provisioning Portal

• ZSTRG-27144 - General UI enhancements

• ZSTRG-28110 - Fixed an issue where unsupported protection policies were listed for Object Storage creation

Storage Node & Cloud Orchestration

• ZSTRG-28505 - Rolled out a new zStorage Cloud Controller certificate

• ZSTRG-22856 - Enhanced the cloud internal monitoring capabilities to detect networking issues

Security

Version 23.09-SP1 introduces a range of security fixes and enhancements across the entire zStorage product line, bolstering protection and improving user safety.

Notable updates include the mitigation of the following CVEs:

CVE-2024-26130 CVE-2024-21626 CVE-2024-20952 CVE-2024-24680 CVE-2023-45803 CVE-2023-2603 CVE-2023-33460 CVE-2023-45802 CVE-2022-31160 CVE-2022-31160

CVE-2021-41184 CVE-2021-41183 CVE-2021-41182 CVE-2020-22219 CVE-2020-11022 CVE-2020-11023 CVE-2019-9511 CVE-2019-9513 CVE-2019-9516

CVE-2019-8331 CVE-2019-11358 CVE-2018-14041 CVE-2018-20676 CVE-2018-14040 CVE-2018-14042 CVE-2018-20677 CVE-2016-10735 CVE-2015-9251

Version 23.09-302

Object Storage

• ZSTRG-25989 - Variety of improvements for a metadata policy performance and scale-out process

• ZSTRG-25736 - Fixed an issue where the public URL is not presented with a custom endpoint

• ZSTRG-25251 - Fixed an issue where changing the Object Storage instance name is not populated in the UI

• ZSTRG-23709 - Added the ability to set account/container level quota

• ZSTRG-23073 - Strong Consistency for all object operations

• ZSTRG-24592 - Added the option to define container level auditing

• ZSTRG-26506 - Added Zadara’s Object Storage signature to S3API responses (Server = Zadara)

VPSA Storage Array / VPSA All Flash

• ZSTRG-26744 - Fixed an issue where high memory utilization is caused due to an internal reporting process

• ZSTRG-26686 - Fixed an issue where snapshot is stuck in “Deletion Pending” state

• ZSTRG-25274 - Starting of 23.09 creating new RAID6 Raid-Group is not allowed

• ZSTRG-25022 - Added the option to list existing tags for Volumes filtering

• ZSTRG-22987 - Added a display of expected volume size post expansion

• ZSTRG-24727 - Upgrade Samba SMB service

• ZSTRG-22767 - KMIP KMS Equinix SmartKeys is now labeled as Fortanix DSM

Command Center

• ZSTRG-26652 - Allow administrator to select a permanent UI language in the VPSA UI view (cloud_admin), with the new behavior the language selected for the cloud_admin view will persist.

• ZSTRG-27270 - Updated zadarastorage.com TLS certificate

Provisioning Portal

• ZSTRG-25855 - Fixed an issue where custom logo got stretched in the login screen

• ZSTRG-19954 - Added the ability for VPSAs owners to upgrade their VPSA software version directly from the Provisioning Portal

• ZSTRG-26272 - (AWS Marketplace Users) Added the visibility of the AWS account ID

• ZSTRG-26272 - (AWS Marketplace Users) Added a protection to prevent AWS account association

• ZSTRG-27270 - Updated zadarastorage.com TLS certificate

Security

Provisioning Portal

• ZSTRG-24912 - Diverse security-related solutions and improvements aimed at enhancing the security of Provisioning Portal web application.

Command Center

• ZSTRG-24912 - Diverse security-related solutions and improvements aimed at enhancing the security of Provisioning Portal web application.

VPSA Storage Array/Flash Array

• ZSTRG-24912 - Diverse security-related solutions and improvements aimed at enhancing the security of Provisioning Portal web application.

Cloud common components

• ZSTRG-26902 - Upgraded cross cloud components to mitigate the following CVEs

  CVE-2019-20838

  CVE-2022-24407

API Documentation

The zStorage cloud products API documentation is now available in a unified portal: https://api-doc.zadara.com/ The old documentation portals will be deprecated gradually and currently serves the RestAPI documentation for version 23.03 and below.