StoRM GridHTTPs v. 3.0.0 release notes

StoRM GridHTTPs v. 3.0.0

Released on 09.12.2013 with StoRM v. 1.11.3.

Description

This release provides fixes for security vulnerabilities that were recently reported, and a few bug fixes.

Important The webdav service now responds on the /webdav/[storage-area] path. More details in the WebDAV interface guide.

Important A security authentication token is now used to secure all communication among the storm-frontend and grihttps services and the backend. The token is configured using the STORM_BE_XMLRPC_TOKEN YAIM variable for the three services. More details in the System administrator guide.

Important Please ensure that storage area file permissions are correctly set. Follow these instructions before running the gridhttps server.

Security vulnerabilities

More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at this URL.

Bug fixes

[STOR-450] - StoRM Gridhttps initializes VOMS validation in an unsafe way
[STOR-415] - Fix StoRM documentation typo
[STOR-376] - StoRM GridHTTPs' fileTransfer and WebDAV requests on different context-paths

Installation and configuration

You can find information about upgrade, clean installation and configuration of StoRM services in the System Administration Guide of the Documentation section.

Known issues

None at the moment