{"affected":[{"ecosystem_specific":{"binaries":[{"etcd":"3.5.12-bp156.4.3.1","etcdctl":"3.5.12-bp156.4.3.1","etcdutl":"3.5.12-bp156.4.3.1"}]},"package":{"ecosystem":"SUSE:Package Hub 15 SP6","name":"etcd","purl":"pkg:rpm/suse/etcd&distro=SUSE%20Package%20Hub%2015%20SP6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.12-bp156.4.3.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"etcd":"3.5.12-bp156.4.3.1","etcdctl":"3.5.12-bp156.4.3.1","etcdutl":"3.5.12-bp156.4.3.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.6","name":"etcd","purl":"pkg:rpm/opensuse/etcd&distro=openSUSE%20Leap%2015.6"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"3.5.12-bp156.4.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for etcd fixes the following issues:\n\nUpdate to version 3.5.12:\n\n  * Bump golang.org/x/crypto to v0.17+ to address CVE-2023-48795\n  * test: fix TestHashKVWhenCompacting: ensure all goroutine finished\n  * print error log when creating peer listener failed\n  * mvcc: Printing etcd backend database related metrics inside scheduleCompaction function\n  * dependency: update go version to 1.20.13\n  * commit bbolt transaction if there is any pending deleting operations\n  * add tests to test tx delete consistency.\n  * Don't flock snapshot files\n  * Backport adding digest for etcd base image.\n  * Add a unit tests and missing flags in etcd help.\n  * Add missing flag in etcd help.\n  * Backport testutils.ExecuteUntil to 3.5 branch\n  * member replace e2e test\n  * Check if be is nil to avoid panic when be is overriden with nil by recoverSnapshotBackend on line 517\n  * Don't redeclare err and snapshot variable, fixing validation of consistent index and closing database on defer\n  * test: enable gofail in release e2e test.\n  * [3.5] backport health check e2e tests.\n  * tests: Extract e2e cluster setup to separate package\n\n- Update to version 3.5.11:\n\n  * etcdserver: add linearizable_read check to readyz.\n  * etcd: Update go version to 1.20.12\n  * server: disable redirects in peer communication\n  * etcdserver: add metric counters for livez/readyz health checks.\n  * etcdserver: add livez and ready http endpoints for etcd.\n  * http health check bug fixes\n  * server: Split metrics and health code\n  * server: Cover V3 health with tests\n  * server: Refactor health checks\n  * server: Run health check tests in subtests\n  * server: Rename test case expect fields\n  * server: Use named struct initialization in healthcheck test\n  * Backport server: Don't follow redirects when checking peer urls.\n  * Backport embed: Add tracing integration test.\n  * Backport server: Have tracingExporter own resources it initialises.\n  * Backport server: Add sampling rate to distributed tracing.\n  * upgrade github.com/stretchr/testify,google.golang.org/genproto/googleapis/api,google.golang.org/grpc to make it consistent\n  * CVE-2023-47108: Backport go.opentelemetry.io/otel@v1.20.0 and go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc@v0.46.0\n  * github workflow: run arm64 tests on every push\n  * etcd: upgrade go version from 1.20.10 to 1.20.11\n  * bump bbolt to 1.3.8 for etcd 3.5\n  * 3.5: upgrade gRPC-go to 1.58.3\n  * Backport corrupt check test fix 'etcd server shouldn't wait for the ready notification infinitely on startup'\n  * etcdserver: add cluster id check for hashKVHandler\n  * [release-3.5]: upgrade gRPC-go to v1.52.0\n  * backport #14125 to release-3.5: Update to grpc-1.47 (and fix the connection-string format)\n  * Return to default write scheduler since golang.org/x/net@v0.11.0 started using round robin\n  * Bump go to v1.20.10 Part of https://github.com/etcd-io/etcd/issues/16740\n  * bump golang.org/x/net to 0.17.0 Part of https://github.com/etcd-io/etcd/issues/16740\n  * etcd: upgrade go version to 1.20.9\n  * Remove obsolete http 1.0 version.\n  * fix:Ensure that go version is only defined in one file for release-3.5\n  * Fix panic in etcd validate secure endpoints\n  * dependency: bump golang to 1.20.8\n  * Backport redirect metrics data into file to reduce output.\n  * test.sh: increase timeout for grpcproxy test\n  * test: add v3 curl test to cover maintenance hash/hashkv REST API\n  * api: fix duplicate gateway url issue\n  * pkg: add a verification on the pagebytes which must be > 0\n  * tests: Backport deflake for TestWatchDelay\n  * tests: Backport deflake for TestPageWriterRandom\n  * Backport adding unit test for socket options.\n  * Backport export reuse-port and reuse-address\n  * Fix goword failure in rafthttp/transport.go.\n  * Backport update to golang 1.20 minor release.\n  * bump go version to 1.19.12\n  * Update workflows to use makefile recipes for unit, integration & e2e-release.\n  * Backport Makefile recipes for common test commands.\n  * pkg/flags: fix UniqueURLs'Set to remove duplicates in UniqueURLs'uss\n  * Backport fix to e2e release version identifcation.\n  * Backport #14368 to v3.5\n  * Follow up https://github.com/etcd-io/etcd/pull/16068#discussion_r1263667496\n  * etcdserver: backport check scheduledCompactKeyName and finishedCompactKeyName before writing hash to release-3.5.\n  * Backport #13577 Disable auth gracefully without impacting existing watchers.\n  * bump go version to 1.19.11 to fix CVE GO-2023-1878\n  * clientv3: create keepAliveCtxCloser goroutine only if ctx can be canceled\n  * [3.5] etcdutl: fix db double closed\n  * clientv3: remove v3.WithFirstKey() in Barrier.Wait()\n  * update etcdctl flag description for snapshot restores\n  * etcdutl: update description for --mark-compacted and --bump-revision flags in snapshot restore command\n  * Adding optional revision bump and mark compacted to snapshot restore\n  * Revert 'Merge pull request #16119 from natusameer/release-3.5'\n  * Add e2e-arm64.yaml and tests-arm64.yaml to release-3.5 scheduled at 1.30\n  * Backport .github/workflows: Read .go-version as a step and not separate workflow.\n  * Add first unit test for authApplierV3\n  * Early exit auth check on lease puts\n  * remove stack log when etcdutl restore\n  * etcdserver: fix corruption check when server has just been compacted\n  * replace gobin with go install\n  * [3.5] Backport updating go to latest patch release 1.19.10\n  * add compact hash check to help\n  * Fix test of clientv3/naming\n  * clientv3/naming/endpoints: fix endpoints prefix bug fixes bug with multiple endpoints with same prefix\n  * grpcproxy: fix memberlist results not update when proxy node down\n\n- Update to version 3.5.9:\n\n  * Move go version to dedicated .go-version file\n  * tests: e2e and integration test for timetolive\n  * etcdserver: protect lease timetilive with auth\n  * Backport go update to latest patch release 1.19.9.\n  * Backport centralising go version for actions workflows.\n  * server: backport 15743, improved description of --initial-cluster-state flag\n\n- Update to version 3.5.8:\n\n  * etcdserver: Guarantee order of requested progress notifications\n  * etcdserver: verify field 'username' and 'revision' present when decoding a JWT token\n  * set zap logging to wsproxy\n  * security: remove password after authenticating the user\n  * test: add an e2e test to reproduce https://nvd.nist.gov/vuln/detail/CVE-2021-28235\n  * bump golang to 1.19.8\n  * server/auth: disallow creating empty permission ranges\n  * chore: enable strict mode for test CI\n  * Fixes: #15266 All docker images of Architecture show amd64\n  * scripts: Add testing of etcd in local image in release workflow.\n  * server: Fix defer function closure escape\n  * tests: Test separate http port connection multiplexing\n  * server: Add --listen-client-http-urls flag to allow running grpc server separate from http server\n  * server: Pick one address that all grpc gateways connect to\n  * server: Extract resolveUrl helper function\n  * server: Separate client listener grouping from serving\n  * refactor: Use proper variable names for urls\n  * sever/auth: fix addUserWithNoOption of store_test\n  * server/auth: fix auth panic bug when user changes password\n  * Automated cherry-pick of #14860: Trigger release in current branch for github workflow case\n  * server/embed: fix data race when start insecure grpc\n  * server: Test watch restore\n  * mvcc: update minRev when watcher stays synced\n  * tests: Add v2 API to connection multiplexing test\n  * tests: Add connection muiltiplexer testing\n  * tests: Backport RunUtilCompletion\n  * tests: Backport tls for etcdctl\n  * tests: Extract e2e test utils\n  * tests: Allow specifying http version in curl\n  * tests: Refactor newClient args\n  * tests: Refactor CURLPrefixArgs\n  * Backport tls 1.3 support.\n  * server: Switch back to random scheduler to improve resilience to watch starvation\n  * test: Test etcd watch stream starvation under high read response load when sharing the same connection\n  * tests: Allow configuring progress notify interval in e2e tests\n  * Run go mod tidy\n  * Updated go to 1.19.7.\n  * Backport go_srcs_in_module changes and fix goword failures.\n  * Formatted source code for go 1.19.6.\n  *  Bump to go 1.19.6\n  *  Bump golang.org/x/net to v0.7.0 to address CVE GO-2023-1571.\n  * test:enhance the test case TestV3WatchProgressOnMemberRestart\n  * clientv3: correct the nextRev on receving progress notification response\n  * etcdserver: add failpoints walBeforeSync and walAfterSync\n  * Fix regression in timestamp resolution\n  * upgrade cockroachdb/datadriven to v1.0.2 to remove archived dependencies\n  * bump github.com/stretchr/testify to v1.8.1\n  * bump bbolt to v1.3.7 for release-3.5\n  * netutil: consistently format ipv6 addresses\n  * docker: remove nsswitch.conf\n\n- Update to version 3.5.7:\n\n  * etcdserver: return membership.ErrIDNotFound when the memberID not found\n  * etcdserver: process the scenaro of the last WAL record being partially synced to disk\n  * update nsswitch.conf for 3.5\n  * 3.5: remove the dependency on busybox\n  * Remove dependency on gobin\n  * resolve build error: parameter may not start with quote character '\n  * remove .travis.yml\n  * format the source code and tidy the dependencies using go 1.17.13\n  * bump go version to 1.17.13\n  * deps: bump golang.org/x/net to v0.4.0 to address CVEs\n  * security: use distroless base image to address critical Vulnerabilities\n  * cidc:  specify the correct branch name of release-3.5 in workflow for trivy nightly scan\n  * Add trivy nightly scan for release-3.5\n  * clientv3: revert the client side change in 14547\n  * client/pkg/v3: fixes Solaris build of transport\n  * etcdserver: fix nil pointer panic for readonly txn\n  * Fix go fmt error\n  * [3.5] Backport: non mutating requests pass through quotaKVServer when NOSPACE\n  * etcdserver: intentionally set the memberID as 0 in corruption alarm\n \n- Update to version 3.5.6:\n\n  * release: build with consistent paths\n  * client/pkg/fileutil: add missing logger to {Create,Touch}DirAll\n  * test: add test case to cover the CommonName based authentication\n  * test: add certificate with root CommonName\n  * clientv3: do not refresh token when using TLS CommonName based authentication\n  * etcdserver: call the OnPreCommitUnsafe in unsafeCommit\n  * add range flag for delete in etcdctl\n  * server: add more context to panic message\n  * fix:close conn\n  * clientv3: fix the design & implementation of double barrier\n  * test: added e2e test case for issue 14571: etcd doesn't load auth info when recovering from a snapshot\n  * etcdserver: call refreshRangePermCache on Recover() in AuthStore. #14574\n  * server: add a unit test case for authStore.Reocver() with empty rangePermCache\n  * Backport #14591 to 3.5.\n  * client/v3: Add backoff before retry when watch stream returns unavailable\n  * etcdserver: added more debug log for the purgeFile goroutine\n  * netutil: make a `raw` URL comparison part of the urlsEqual function\n  * Apply suggestions from code review\n  * netutil: add url comparison without resolver to URLStringsEqual\n  * tests/Dockerfile: Switch to ubuntu 22.04 base\n  * Makefile: Additional logic fix\n  * *: avoid closing a watch with ID 0 incorrectly\n  * tests: a test case for watch with auth token expiration\n  * *: handle auth invalid token and old revision errors in watch\n  * server/etcdmain: add configurable cipher list to gRPC proxy listener\n  * Replace github.com/form3tech-oss/jwt-go with https://github.com/golang-jwt/jwt/v4\n\n- Update to version 3.5.5:\n\n  * fix the flaky test fix_TestV3AuthRestartMember_20220913 for 3.5\n  * etcdctl: fix move-leader for multiple endpoints\n  * testing: fix TestOpenWithMaxIndex cleanup\n  * server,test: refresh cache on each NewAuthStore\n  * server/etcdmain: add build support for Apple M1\n  * tests: Fix member id in CORRUPT alarm\n  * server: Make corrtuption check optional and period configurable\n  * server: Implement compaction hash checking\n  * tests: Cover periodic check in tests\n  * server: Refactor compaction checker\n  * tests: Move CorruptBBolt to testutil\n  * tests: Rename corruptHash to CorruptBBolt\n  * tests: Unify TestCompactionHash and extend it to also Delete keys and Defrag\n  * tests: Add tests for HashByRev HTTP API\n  * tests: Add integration tests for compact hash\n  * server: Cache compaction hash for HashByRev API\n  * server: Extract hasher to separate interface\n  * server: Remove duplicated compaction revision\n  * server: Return revision range that hash was calcualted for\n  * server: Store real rv range in hasher\n  * server: Move adjusting revision to hasher\n  * server: Pass revision as int\n  * server: Calculate hash during compaction\n  * server: Fix range in mock not returning same number of keys and values\n  * server: Move reading KV index inside scheduleCompaction function\n  * server: Return error from scheduleCompaction\n  * server: Refactor hasher\n  * server: Extract kvHash struct\n  * server: Move unsafeHashByRev to new hash.go file\n  * server: Extract unsafeHashByRev function\n  * server: Test HashByRev values to make sure they don't change\n  * server: Cover corruptionMonitor with tests\n  * server: Extract corruption detection to dedicated struct\n  * server: Extract triggerCorruptAlarm to function\n  * move consistent_index forward when executing alarmList operation\n  * fix the potential data loss for clusters with only one member\n  * [backport 3.5] server: don't panic in readonly serializable txn\n  * Backport of pull/14354 to 3.5.5\n  * Refactor the keepAliveListener and keepAliveConn\n  * clientv3: close streams after use in lessor keepAliveOnce method\n  * Change default sampling rate from 100% to 0%\n  * Fix the failure in TestEndpointSwitchResolvesViolation\n  * update all related dependencies\n  * move setupTracing into a separate file config_tracing.go\n  * etcdserver: bump OpenTelemetry to 1.0.1\n  * Change default sampling rate from 100% to 0%\n  * server/auth: protect rangePermCache with a RW lock\n  * Improve error message for incorrect values of ETCD_CLIENT_DEBUG\n  * add e2e test cases to cover the maxConcurrentStreams\n  * Add flag `--max-concurrent-streams` to set the max concurrent stream each client can open at a time\n  * add the uint32Value data type\n  * Client: fix check for WithPrefix op\n  * client/v3: do not overwrite authTokenBundle on dial\n  * restrict the max size of each WAL entry to the remaining size of the file\n  * Add FileReader and FileBufReader utilities\n  * Backport two lease related bug fixes to 3.5\n  * scripts: Detect staged files before building release\n  * scripts: Avoid additional repo clone\n  * Make DRY_RUN explicit\n  * scripts: Add tests for release scripts\n  * server/auth: enable tokenProvider if recoved store enables auth\n  * Update golang.org/x/crypto to latest\n\n- Update to version 3.5.4:\n\n  * Update conssitent_index when applying fails\n  * Add unit test for canonical SRV records\n  * Revert 'trim the suffix dot from the srv.Target for etcd-client DNS lookup'\n\n- add variable ETCD_OPTIONS to both service unit and configuration file\n  this allows the user to easily add things like '--enable-v2=true'\n\n- Update to version 3.5.3:\n\n  https://github.com/etcd-io/etcd/compare/v3.5.2...v3.5.3\n  * clientv3: disable mirror auth test with proxy\n  * cv3/mirror: Fetch the most recent prefix revision\n  * set backend to cindex before recovering the lessor in applySnapshot\n  * support linearizable renew lease\n  * clientv3: filter learners members during autosync\n  * etcdserver: upgrade the golang.org/x/crypto dependency\n  * fix the data inconsistency issue by adding a txPostLockHook into the backend\n  * server: Save consistency index and term to backend even when they decrease\n  * server: Add verification of whether lock was called within out outside of apply\n  * go.mod: Upgrade to prometheus/client_golang v1.11.1\n  * server: Use default logging configuration instead of zap production one\n  * Fix offline defrag\n  * backport 3.5: #13676 load all leases from backend\n  * server/storage/backend: restore original bolt db options after defrag\n  * always print raft term in decimal when displaying member list in json\n  * enhance health check endpoint to support serializable request\n  * trim the suffix dot from the srv.Target for etcd-client DNS lookup\n\n- Drop ETCD_UNSUPPORTED_ARCH=arm64 from sysconfig as ARM64 is now officially supported\n- Update etcd.conf variables\n- Add the new etcdutl into separate subpackage\n\n- Update to version 3.5.2:\n\n  * Update dep: require gopkg.in/yaml.v2 v2.2.8 -> v2.4.0 due to: CVE-2019-11254.\n  * fix runlock bug\n  * server: Require either cluster version v3.6 or --experimental-enable-lease-checkpoint-persist to persist lease remainingTTL\n  * etcdserver,integration: Store remaining TTL on checkpoint\n  * lease,integration: add checkpoint scheduling after leader change\n  * set the backend again after recovering v3 backend from snapshot\n  * *: implement a retry logic for auth old revision in the client\n  * client/v3: refresh the token when ErrUserEmpty is received while retrying\n  * server/etcdserver/api/etcdhttp: exclude the same alarm type activated by multiple peers\n  * storage/backend: Add a gauge to indicate if defrag is active (backport from 3.6)\n\n- Update to version 3.5.1:\n\n  * version: 3.5.1\n  * Dockerfile: bump debian bullseye-20210927\n  * client: Use first endpoint as http2 authority header\n  * tests: Add grpc authority e2e tests\n  * client: Add grpc authority header integration tests\n  * tests: Allow configuring integration tests to use TCP\n  * test: Use unique number for grpc port\n  * tests: Cleanup member interface by exposing Bridge directly\n  * tests: Make using bridge optional\n  * tests: Rename grpcAddr to grpcURL to imply that it includes schema\n  * tests: Remove bridge dependency on unix\n  * Decouple prefixArgs from os.Env dependency\n  * server: Ensure that adding and removing members handle storev2 and backend out of sync\n  * Stop using tip golang version in CI\n  * fix self-signed-cert-validity parameter cannot be specified in the config file\n  * fix health endpoint not usable when authentication is enabled\n  * workflows: remove ARM64 job for maintenance\n\n- Update to version 3.5.0:\n\n  * See link below, diff is too big\n    https://github.com/etcd-io/etcd/compare/v3.4.16...v3.5.0\n\n- Added hardening to systemd service(s) (boo#1181400)\n\n- Change to sysuser-tools to create system user\n\n- Update to version 3.4.16:\n\n  * Backport-3.4 exclude alarms from health check conditionally\n  * etcdserver/mvcc: update trace.Step condition\n  * Backport-3.4 etcdserver/util.go: reduce memory when logging range requests\n  * .travis,Makefile,functional: Bump go 1.12 version to v1.12.17\n  * integration: Fix 'go test --tags cluster_proxy --timeout=30m -v ./integration/...'\n  * pkg/tlsutil: Adjust cipher suites for go 1.12\n  * Fix pkg/tlsutil (test) to not fail on 386.\n  * bill-of-materials.json: Update golang.org/x/sys\n  * .travis,test: Turn race off in Travis for go version 1.15\n  * integration : fix TestTLSClientCipherSuitesMismatch in go1.13\n  * vendor: Run go mod vendor\n  * go.mod,go.sum: Bump github.com/creack/pty that includes patch\n  * go.mod,go.sum: Comply with go v1.15\n  * etcdserver,wal: Convert int to string using rune()\n  * integration,raft,tests: Comply with go v1.15 gofmt\n  * .travis.yml: Test with go v1.15.11\n  * pkpkg/testutil/leak.go: Allowlist created by testing.runTests.func1\n  * vendor: Run go mod vendor\n  * go.sum, go.mod: Run go mod tidy with go 1.12\n  * go.mod: Pin go to 1.12 version\n  * etcdserver: fix incorrect metrics generated when clients cancel watches\n  * integration: relax leader timeout from 3s to 4s\n  * etcdserver: when using --unsafe-no-fsync write data\n  * server: Added config parameter experimental-warning-apply-duration\n  * etcdserver: Fix PeerURL validation\n\n- update etcd.service: avoid args from commandline and environment\n  as it leads to start failure (boo#1183703) \n\n- Update to version 3.4.15:\n\n  * [Backport-3.4] etcdserver/api/etcdhttp: log successful etcd server side health check in debug level\n  * etcdserver: Fix 64 KB websocket notification message limit\n  * vendor: bump gorilla/websocket\n  * pkg/fileutil: fix F_OFD_ constants\n\n- Update to version 3.4.14:\n\n  * pkg/netutil: remove unused 'iptables' wrapper\n  * tools/etcd-dump-metrics: validate exec cmd args\n  * clientv3: get AuthToken automatically when clientConn is ready.\n  * etcdserver: add ConfChangeAddLearnerNode to the list of config changes\n  * integration: add flag WatchProgressNotifyInterval in integration test\n\n- Update to version 3.4.13:\n\n  * pkg: file stat warning\n  * Automated cherry pick of #12243 on release 3.4\n  * version: 3.4.12\n  * etcdserver: Avoid panics logging slow v2 requests in integration tests\n  * version: 3.4.11\n  * Revert 'etcdserver/api/v3rpc: 'MemberList' never return non-empty ClientURLs'\n  * *: fix backport of PR12216\n  * *: add experimental flag for watch notify interval\n  * clientv3: remove excessive watch cancel logging\n  * etcdserver: add OS level FD metrics\n  * pkg/runtime: optimize FDUsage by removing sort\n  * clientv3: log warning in case of error sending request\n  * etcdserver/api/v3rpc: 'MemberList' never return non-empty ClientURLs\n\n- Update to version 3.4.10 [CVE-2020-15106][boo#1174951]:\n\n  * Documentation: note on data encryption\n  * etcdserver: change protobuf field type from int to int64 (#12000)\n  * pkg: consider umask when use MkdirAll\n  * etcdmain: let grpc proxy warn about insecure-skip-tls-verify\n  * etcdmain: fix shadow error\n  * pkg/fileutil: print desired file permission in error log\n  * pkg: Fix dir permission check on Windows\n  * auth: Customize simpleTokenTTL settings.\n  * mvcc: chanLen 1024 is to biger,and it used more memory. 128 seems to be enough. Sometimes the consumption speed is more than the production speed.\n  * auth: return incorrect result 'ErrUserNotFound' when client request without username or username was empty.\n  * etcdmain: fix shadow error\n  * doc: add TLS related warnings\n  * etcdserver:FDUsage set ticker to 10 minute from 5 seconds. This ticker will check File Descriptor Requirements ,and count all fds in used. And recorded some logs when in used >= limit/5*4. Just recorded message. If fds was more than 10K,It's low performance due to FDUsage() works. So need to increase it.\n  * clientv3: cancel watches proactively on client context cancellation\n  * wal: check out of range slice in 'ReadAll', 'decoder'\n  * etcdctl, etcdmain: warn about --insecure-skip-tls-verify options\n  * Documentation: note on the policy of insecure by default\n  * etcdserver: don't let InternalAuthenticateRequest have password\n  * auth: a new error code for the case of password auth against no password user\n  * Documentation: note on password strength\n  * etcdmain: best effort detection of self pointing in tcp proxy\n  * Discovery: do not allow passing negative cluster size\n  * wal: fix panic when decoder not set\n  * embed: fix compaction runtime err\n  * pkg: check file stats\n  * etcdserver, et al: add --unsafe-no-fsync flag\n  * wal: add TestValidSnapshotEntriesAfterPurgeWal testcase\n  * wal: fix crc mismatch crash bug\n  * rafthttp: log snapshot download duration\n  * rafthttp: improve snapshot send logging\n  *  *: make sure snapshot save downloads SHA256 checksum\n  * etcdserver/api/snap: exclude orphaned defragmentation files in snapNames\n  * etcdserver: continue releasing snap db in case of error\n  * etcdserver,wal: fix inconsistencies in WAL and snapshot\n  * cherry pick of #11564 (#11880)\n  * mvcc: fix deadlock bug\n  * auth: optimize lock scope for CheckPassword\n  * auth: ensure RoleGrantPermission is compatible with older versions\n  * etcdserver: print warn log when failed to apply request\n  * auth: cleanup saveConsistentIndex in NewAuthStore\n  * auth: print warning log when error is ErrAuthOldRevision\n  * auth: add new metric 'etcd_debugging_auth_revision'\n  * tools/etcd-dump-db: add auth decoder, optimize print format\n  * *: fix auth revision corruption bug\n  * etcdserver: watch stream got closed once one request is not permitted (#11708)\n  * version: 3.4.7\n  * wal: add 'etcd_wal_writes_bytes_total'\n  * pkg/ioutil: add 'FlushN'\n  * test: auto detect branch when finding merge base\n  * mvcc/kvstore:when the number key-value is greater than one million, compact take too long and blocks other requests\n  * version: 3.4.6\n  * lease: fix memory leak in LeaseGrant when node is follower\n  * version: 3.4.5\n  * words: whitelist 'racey'\n  * Revert 'version: 3.4.5'\n  * words: whitelist 'hasleader'\n  * version: 3.4.5\n  * etcdserver/api/v3rpc: handle api version metadata, add metrics\n  * clientv3: embed api version in metadata\n  * etcdserver/api/etcdhttp: log server-side /health checks\n  * proxy/grpcproxy: add return on error for metrics handler\n  * etcdctl: fix member add command\n  * etcdserver: fix quorum calculation when promoting a learner member\n  * etcdserver: corruption check via http\n  * mvcc/backend: check for nil boltOpenOptions\n  * mvcc/backend: Delete orphaned db.tmp files before defrag\n  * auth: correct logging level\n  * e2e: test curl auth on onoption user\n  * auth: fix NoPassWord check when add user\n  * auth: fix user.Options nil pointer\n  * mvcc/kvstore:fixcompactbug\n  * mvcc: update to 'etcd_debugging_mvcc_total_put_size_in_bytes'\n  * mvcc: add 'etcd_mvcc_put_size_in_bytes' to monitor the throughput of put request.\n  * clientv3: fix retry/streamer error message\n  * etcdserver: wait purge file loop during shutdown\n  * integration: disable TestV3AuthOldRevConcurrent\n  * etcdserver: remove auth validation loop\n  * scripts/release: list GPG key only when tagging is needed\n\n","id":"openSUSE-SU-2025:0003-1","modified":"2025-01-07T15:04:12Z","published":"2025-01-07T15:04:12Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PE3D4WEFUCELLDKJUEM2KLPFMME7KTAI/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1174951"},{"type":"REPORT","url":"https://bugzilla.suse.com/1181400"},{"type":"REPORT","url":"https://bugzilla.suse.com/1183703"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199031"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-11254"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-15106"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2021-28235"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-47108"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2023-48795"}],"related":["CVE-2019-11254","CVE-2020-15106","CVE-2021-28235","CVE-2023-47108","CVE-2023-48795"],"summary":"Security update for etcd","upstream":["CVE-2019-11254","CVE-2020-15106","CVE-2021-28235","CVE-2023-47108","CVE-2023-48795"]}