openstack-swift

1
swift (2.32.0, OpenStack Bobcat)
2

3
    * Python 3 fixes:
4

5
      * Python 3 object servers can now read unencrypted non-ASCII metadata
6
        that was written under Python 2.
7

8
      * Ssync no longer corrupts unencrypted non-ASCII metadata during
9
        transfers.
10

11
      * Fixed an encoding issue when writing non-ASCII object names to sharded
12
        containers and shard range caching is not enabled.
13

14
      * Fixed an encoding issue when handling non-ASCII account names.
15

16
      * Fixed a `generator already executing` error on client disconnect.
17

18
      * Suppressed `RemoteDisconnected` tracebacks.
19

20
    * Metrics improvements:
21

22
      * Metrics are now emitted for a variety of S3 error responses, in the
23
        form `s3api.<status_int>.<error_class>[.<reason>]`
24

25
      * Fixed an issue that prevented proxy servers from emitting metrics and
26
        logs for backend requests made when getting account or container info.
27

28
      * Account and container info metrics now include the response status code
29
        when backend requests are made.
30

31
      * Added timing metrics to the container sharder for various operations.
32

33
    * Python 3.11 is now supported.
34

35
    * Added the ability for reseller admins to set per-policy account quotas by
36
      posting metadata of the form `X-Account-Quota-Bytes-Policy-<policy name>`.
37

38
    * Added a `keepalive_timeout` option to the proxy server to limit how long
39
      to wait for a client to initiate a request, separate from the general
40
      `client_timeout` option. Note that this requires eventlet 0.33.4
41
      (currently unreleased) or later.
42

43
    * Added a `keep_cache_slo_manifest` option to the object server to better
44
      control whether SLO manifests are dropped from the page cache.
45

46
    * WSGI servers now accept a `--test-config` option that may be used to
47
      validate configuration changes before reloading/restarting the server.
48

49
    * The structure of cached shard ranges has changed, improving performance
50
      when listing or writing to sharded containers. Note that immediately
51
      after upgrade, the new structures will all be cache misses, which may
52
      lead to a thundering herd problem. To avoid this, upgrade just a few
53
      nodes first, let them service some fraction of traffic to populate the
54
      cache, then upgrade the rest of the cluster.
55

56
    * A variety of performance improvements have been made for sharded
57
      container databases.
58

59
    * Various logging and metrics improvements when talking to memcache.
60

61
    * Fixed ssync's handling of timestamp offsets. Previously, this could cause
62
      ssync to fail with a 409 Conflict, causing the transfer to fail and
63
      preventing handoffs from clearing.
64

65
    * Fixed an issue where an erasure-coded PUT could prevent other requests
66
      from being processed when network calls rarely or never blocked.
67

68
    * Fixed an issue when downloading an SLO manifest would hit a recoverable
69
      error and attempt to resume from another node. This would manifest as
70
      either a pyeclib decode error or an unexpected empty response.
71

72
    * The proxy server now applies error-limiting to the correct node when
73
      handling a recoverable node error.
74

75
    * Account, container, and object log fields are now correctly identified
76
      when returning `BadDigest` responses to S3 requests.
77

78
    * Previously, under some circumstances, a non-standard config option such
79
      as `RECLAIM_AGE` might get parsed as `reclaim_age` for some processes
80
      but ignored by others. Now, all config parsing is case-sensitive;
81
      non-standard names will always be ignored.
82

83
    * Reduced the backend load of making `?versions` requests to a container
84
      that has never had object versioning enabled.
85

86
    * Improved formatting of meta and sysmeta for `swift-account-info` and
87
      `swift-container-info`.
88

89
    * The standard-library `logging` module is no longer monkey-patched when
90
      importing `swift.common.utils`, making it easier to re-use swift code
91
      in other contexts.
92

93
    * Removed the hard dependency on netifaces; it may still be used if the
94
      `getifaddrs` C function is not available. This fallback support may be
95
      removed in a future release.
96

97
    * Various other minor bug fixes and improvements.
98

99

100
swift (2.31.1, OpenStack Antelope)
101

102
    * Sharding fixes
103

104
      * Shards no longer report stats to the root database when they are in
105
        the CREATED state.
106

107
      * Sharding metadata is no longer cleared when databases are deleted.
108
        This could previously cause deleted shards that still had rows to
109
        become stuck and never move them to the correct database.
110

111
      * Fixed a performance regression in the handling of misplaced objects.
112

113
      * Swift path and on-disk path are now included with all sharder logging.
114

115
    * `s3token` no longer mangles request paths that include the Access Key ID.
116

117
    * User metadata is now exposed via CORS when encryption is enabled,
118
      matching the behavior when encryption is not enabled.
119

120
    * Fewer backend requests are now required when account or container
121
      information is missing from memcache.
122

123
    * Fixed logging of IP and port in the proxy-server; in particular,
124
      internal clients now correctly log about the replication IP/port.
125

126
    * Fixed a bug in the object replicator that would cause an under-reporting
127
      of failures.
128

129
    * Various other minor bug fixes.
130

131

132
swift (2.31.0)
133

134
    * S3 API improvements
135

136
      * Fixed a security issue in how `s3api` handles XML parsing that allowed
137
        authenticated S3 clients to read arbitrary files from proxy servers.
138
        Refer to CVE-2022-47950 for more information.
139

140
      * Fixed a server error when handling malformed CompleteMultipartUpload
141
        requests.
142

143
      * Improved error reporting when attempting to set invalid `X-Delete-At`
144
        or `X-Delete-After` values via the S3 API.
145

146
    * Sharding improvements
147

148
      * Sync more shard ranges from the root database to the shards. This
149
        helps ensure shard range repairs effected at the root make their way
150
        to shards that would otherwise be stuck trying to further divide
151
        into sub-shards.
152

153
      * Added a `merge` subcommand to `swift-manage-shard-ranges` to merge
154
        arbitrary shard ranges into a container DB. Minimal safety checks
155
        are performed; it should only be used for emergency shard range
156
        manipulation by expert users.
157

158
      * Improved performance of `delimiter` listings for sharded containers.
159

160
      * Added more safety checks to the `repair` subcommand of
161
        `swift-manage-shard-ranges`.
162

163
      * Better handle `EOFError` and `KeyboardInterrupt` when prompting for
164
        input in `swift-manage-shard-ranges`.
165

166
      * Warnings are now emitted when sharding appears to have become stuck.
167
        Use the new `container_sharding_timeout` option to configure the
168
        "stuck" threshold; the default is 48 hours.
169

170
      * Stop warning about transient overlaps when auditing shard ranges.
171

172
    * Metrics improvements
173

174
      * Added timing stats for memcached operations.
175

176
      * Renamed and improved the granularity of shard range cache and
177
        backend stats. Metrics dashboards may need to be updated.
178

179
      * Emit stats when backend nodes are error-limited.
180

181
    * Added support for Python 3.10.
182

183
    * Added an optional `backend_ratelimit` middleware for backend servers.
184
      See the backend server sample configuration files for more information.
185

186
    * Added the ability to configure a chance to skip checking memcache when
187
      querying account and container information. This allows some fraction
188
      of traffic to go to disk and refresh memcache before the key ages out.
189
      Recommended values for the new `account_existence_skip_cache_pct` and
190
      `container_existence_skip_cache_pct` options are in the range of
191
      0.0 to 0.01.
192

193
    * Static large object segments may now be deleted asynchronously by
194
      default. Operators may return to the old behavior by disabling the
195
      `allow_async_delete` option in the `[filter:slo]` section
196
      in their proxy-server.conf.
197

198
    * Absolute-form request targets are now accepted. This enables access for
199
      certain clients and SDKs (including some older versions of rclone that
200
      were using an old version of aws-sdk-go).
201

202
    * Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
203
      and 3.10.6 that could cause some `domain_remap` requests to be routed to
204
      the wrong object.
205

206
    * Fixed a server error when attempting to access data in a deleted
207
      container that had an erasure-coded storage policy.
208

209
    * Improved error messages to clients that encounter errors using the
210
      `formpost` middleware.
211

212
    * Removed some inappropriate error-suppression when locking account and
213
      container databases.
214

215
    * Improved server start-up time when using multiple workers.
216

217
    * Removed some unnecessary locking when logging.
218

219
    * Added some basic object-metadata validation; invalid diskfiles will be
220
      quarantined via the auditor or reconstructor.
221

222
    * Enhanced logging when error-limiting a backend node.
223

224
    * Various other minor bug fixes and improvements.
225

226

227
swift (2.30.1, zed stable backports)
228

229
    * Fixed a security issue in how `s3api` handles XML parsing that allowed
230
      authenticated S3 clients to read arbitrary files from proxy servers.
231
      Refer to CVE-2022-47950 for more information.
232

233
    * Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
234
      and 3.10.6 that could cause some `domain_remap` requests to be routed to
235
      the wrong object.
236

237

238
swift (2.30.0, OpenStack Zed)
239

240
    * Sharding improvements
241

242
      * The `swift-manage-shard-ranges` tool has a new mode to repair gaps
243
        in the namespace.
244

245
      * Misplaced tombstone records are now properly cleaved.
246

247
      * Fixed a bug where the sharder could fail to find a device to use for
248
        cleaving.
249

250
      * Databases marked deleted are now processed by the sharder.
251

252
      * More information is now synced to the fresh database when sharding.
253
        Previously, a database could lose the fact that it had been marked
254
        as deleted.
255

256
      * Shard ranges with no rows to cleave could previously be left in the
257
        CREATED state after cleaving. Now, they are advanced to CLEAVED.
258

259
      * Metrics are now emitted for whether databases used for cleaving
260
        were created or already existed, allowing a better understanding
261
        of the reason for handoffs in the cluster.
262

263
      * Misplaced-record stats are now also emitted to statsd. Previously,
264
        these were only available in logs.
265

266
    * S3 API improvements
267

268
      * Constant-time string comparisons are now used when checking signatures.
269

270
      * Fixed cross-policy object copies. Previously, copied data would
271
        always be written using the source container's policy. Now, the
272
        destination container's policy will be used, avoiding availability
273
        issues and unnecessary container-reconciler work.
274

275
      * More headers are now copied from multi-part upload markers to their
276
        completed objects, including `Content-Encoding`.
277

278
      * When running with `s3_acl` disabled, `bucket-owner-full-control` and
279
        `bucket-owner-read` canned ACLs will be translated to the same Swift
280
        ACLs as `private`.
281

282
      * The S3 ACL and Delete Multiple APIs are now less case-sensitive.
283

284
      * Improved the error message when deleting a bucket that's ever had
285
        versioning enabled and still has versions in it.
286

287
      * `LastModified` timestamps in listings are now rounded up to whole
288
        seconds, like they are in responses from AWS.
289

290
      * Proxy logging for Complete Multipart Upload requests is now more
291
        consistent when requests have been retried.
292

293
    * Logging improvements
294

295
      * Signal handling is more consistently logged at notice level.
296
        Previously, signal handling would sometimes be logged at info
297
        or error levels.
298

299
      * The message template for proxy logging may now include a
300
        `{domain}` field for the client-provided `Host` header.
301

302
      * The object-replicator now logs successful rsync transfers at debug
303
        instead of info.
304

305
      * Added a `log_rsync_transfers` option to the object-replicator.
306
        Set it to false to disable logging rsync "send" lines; during
307
        large rebalances, such logging can overwhelm log aggregation
308
        while providing little useful information.
309

310
      * Transaction IDs are now only included in daemon log lines
311
        in a request/response context.
312

313
    * Fixed a socket leak when clients try to delete a non-SLO as though
314
      it were a Static Large Object.
315

316
    * The formpost digest algorithm is now configurable via the new
317
      `allowed_digests` option, and support is added for both SHA-256
318
      and SHA-512. Supported formpost digests are exposed to clients in
319
      `/info`. Additionally, formpost signatures can now be base64 encoded.
320

321
    * Added metrics to the formpost and tempurl middlewares to monitor
322
      digest usage in signatures.
323

324
    * SHA-1 signatures are now deprecated for the formpost and tempurl
325
      middlewares. At some point in the future, SHA-1 will no longer be
326
      enabled by default; eventually, support for it will be removed
327
      entirely.
328

329
    * Improved compatibility with certain FIPS-mode-enabled systems.
330

331
    * Added a `ring_ip` option for various object services. This may be
332
      used to find own devices in the ring in a containerized environment
333
      where the `bind_ip` may not appear in the ring at all.
334

335
    * Account and container replicators can now be configured with a
336
      `handoff_delete` option, similar to object replicators and
337
      reconstructors. See the sample config for more information.
338

339
    * Developers using Swift's memcache client may now opt in to having
340
      a `MemcacheConnectionError` be raised when no connection succeeded
341
      using a new `raise_on_error` keyword argument to `get`/`set`.
342

343
    * The tempurl middleware has been updated to return a 503 if storing a
344
      token in memcache fails. Third party authentication middlewares are
345
      encouraged to also use the new `raise_on_error` keyword argument
346
      when storing ephemeral tokens in memcache.
347

348
    * Pickle support has been removed from Swift's memcache client. Support
349
      had been deprecated since Swift 1.7.0.
350

351
    * Device names are now included in new database IDs. This provides more
352
      context when examining incoming/outgoing sync tables or sharding
353
      CleaveContexts.
354

355
    * Database replication connections are now closed following an error
356
      or timeout. This prevents a traceback in some cases when the replicator
357
      tries to reuse the connection.
358

359
    * `ENOENT` and `ENODATA` errors are better handled in the object
360
      replicator and auditor.
361

362
    * Improved object update throughput by shifting some shard range
363
      filtering from Python to SQL.
364

365
    * Include `Vary: Origin` header when CORS responses vary by origin.
366

367
    * The staticweb middleware now allows empty listings at the root of
368
      a container. Previously, this would result in a 404 response.
369

370
    * Ring builder output tables better display weights over 1000.
371

372
    * Various other minor bug fixes and improvements.
373

374

375
swift (2.29.2, yoga stable backports)
376

377
    * Fixed a security issue in how `s3api` handles XML parsing that allowed
378
      authenticated S3 clients to read arbitrary files from proxy servers.
379
      Refer to CVE-2022-47950 for more information.
380

381
    * Constant-time string comparisons are now used when checking S3 API
382
      signatures.
383

384
    * Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
385
      and 3.10.6 that could cause some `domain_remap` requests to be routed to
386
      the wrong object.
387

388
    * Improved compatibility with certain FIPS-mode-enabled systems.
389

390

391
swift (2.29.1, OpenStack Yoga)
392

393
    * This is the final stable branch that will support Python 2.7.
394

395
    * Fixed s3v4 signature calculation when the client sends an un-encoded
396
      path in the request.
397

398
    * Fixed multiple issues in s3api involving Multipart Uploads with
399
      non-ASCII names.
400

401
    * The object-updater now defers rate-limited updates to the end of its
402
      cycle; these deferred updates will be processed (at the limited rate)
403
      until the configured `interval` elapses. A new `max_deferred_updates`
404
      option may be used to bound the deferral queue.
405

406
    * Empty account and container partition directories are now cleaned up
407
      immediately after replication, rather than needing to wait for an
408
      additional replication cycle.
409

410
    * The object-expirer now only cleans up empty containers. Previously, it
411
      would attempt to delete all processed containers, regardless of whether
412
      there were entries which were skipped or had errors.
413

414
    * A new `item_size_warning_threshold` option may be used to monitor for
415
      values that are approaching the limit of what can be stored in memcache.
416
      See the memcache sample config for more information.
417

418
    * Internal clients now correctly use their configured User-Agent in
419
      backend requests, rather than only using it for logging.
420

421
    * Various other minor bug fixes and improvements.
422

423

424
swift (2.29.0)
425

426
    * S3 API improvements
427

428
      * CORS preflights are now allowed for pre-signed URLs.
429

430
      * The `storage_domain` option now accepts a comma-separated list of
431
        storage domains. This allows multiple storage domains to configured
432
        for use with virtual-host style addressing.
433

434
      * Fixed the types of configured values in /info response.
435

436
      * Fixed a server error when trying to copy objects with non-ASCII names.
437

438
      * Fixed a server error when uploading objects with very long names.
439
        A KeyTooLongError is now returned.
440

441
      * Fixed an error when multi-deleting MPUs when SLO async-deletes
442
        are enabled.
443

444
      * Fixed an error that allowed list-uploads and list-parts requests to
445
        return incomplete or out-of-order results.
446

447
      * Fixed several bugs when dealing with non-ASCII object names and
448
        multipart uploads.
449

450
      * Reduced the overhead of retrieving bucket and object ACLs.
451

452
    * Replication, reconstruction, and diskfile improvements
453

454
      * The reconstructor now uses the replication network to fetch fragments
455
        for reconstruction.
456

457
      * Added the ability to limit how many objects per handoff partition
458
        will be reverted in a reconstructor cycle using the new
459
        `max_objects_per_revert` option. This may be useful to reduce
460
        ssync timeouts and lock contention, ensuring that progress is made
461
        during rebalances.
462

463
      * Ensure that non-durable data and .meta files are purged from handoffs
464
        after syncing.
465

466
      * Fixed tracebacks when there's a race to mark a file durable or delete it.
467

468
      * Improved cooperative multitasking during ssync.
469

470
      * Upon detecting a ring change, the reconstructor now only aborts the
471
        jobs for that ring and continues processing jobs for other rings.
472

473
      * Fixed a traceback when logging about a lock timeout in the replicator.
474

475
    * Object updater improvements
476

477
      * Added the ability to ratelimit updates (approximately) per-container
478
        using the new `max_objects_per_container_per_second` option. This may
479
        be used to limit requests to already-overloaded containers while still
480
        making progress on updates to other containers.
481

482
      * Added timing stats by response code.
483

484
      * Updates are now sent over the replication network.
485

486
      * Fixed a race condition where swift would attempt to quarantine
487
        recently-deleted updates.
488

489
    * Memcache improvements
490

491
      * Added the ability to configure a chance to skip checking memcache when
492
        querying shard ranges. This allows some fraction of traffic to go to
493
        disk and refresh memcache before the key ages out. Recommended values
494
        for the new `container_updating_shard_ranges_skip_cache_pct` and
495
        `container_listing_shard_ranges_skip_cache_pct` options are in the
496
        range of 0.0 to 0.1.
497

498
      * Added stats for shard range cache hits, misses, and skips.
499

500
      * Improved handling of timeouts and other errors when obtaining a
501
        connection to memcached.
502

503
    * Recon improvements
504

505
      * Added object-reconstructor stats to recon.
506

507
      * Each object-server IP is now queried only once when reporting disk
508
        usage. Previously, each port in the ring would be queried; when using
509
        servers-per-port, this could dramatically overstate the disk capacity
510
        in the cluster.
511

512
    * Fixed a security issue where tempurl and s3api signatures were logged in
513
      full. This allowed an attacker with access to log data to perform replay
514
      attacks, potentially accessing or overwriting cluster data. Now, such
515
      signatures are redacted in a manner similar to auth tokens; see the
516
      `reveal_sensitive_prefix` option in `proxy-server.conf`.
517

518
      See CVE-2017-8761 for more information.
519

520
    * Added a new `swift.common.registry` module. This includes helper
521
      functions `register_sensitive_header` and `register_sensitive_param`
522
      which third party middleware authors may use to flag headers and query
523
      parameters for redaction when logging. For more information, see
524
      https://docs.openstack.org/swift/latest/misc.html#module-swift.common.registry
525

526
    * Added the ability to configure project-scope read-only roles for
527
      keystoneauth using the new `project_reader_roles` option.
528

529
    * The cname_lookup middleware now works with dnspython 2.0 and later.
530

531
    * The internal clients used by the container-reconciler, container-sharder,
532
      container-sync, and object-expirer daemons now use a more-descriptive
533
      `<daemon>-ic` log name, rather than `swift`. If you previously
534
      configured the `log_name` option in `internal-client.conf`, you must
535
      now use the `set log_name = <value>` syntax to configure it, even if
536
      no value is set in the `[DEFAULT]` section. This may be done prior to
537
      upgrading.
538

539
    * Fixed a bug that allowed some statsd metrics to be annotated with the
540
      wrong backend layer.
541

542
    * The `StatsdClient.set_prefix` method is now deprecated and
543
      may be removed in a future release; by extension, so is the
544
      `LogAdapter.set_statsd_prefix` method. Middleware developers should
545
      use the `statsd_tail_prefix` argument to `get_logger` instead.
546

547
    * Fixed a traceback in the account-server when there's no account
548
      database on disk to receive a container update. The account-server
549
      now correctly 404s.
550

551
    * The container-updater will quarantine container databases if all
552
      replicas for the account respond 404.
553

554
    * Fixed a proxy-server error when the read-only middleware tried to
555
      handle non-Swift paths (such as may be used by third-party middleware).
556

557
    * Some client behaviors that the proxy previously logged at warning have
558
      been lowered to info.
559

560
    * Removed translations from most logging.
561

562
    * Various other minor bug fixes and improvements.
563

564

565
swift (2.28.1, xena stable backports)
566

567
    * Fixed a security issue in how `s3api` handles XML parsing that allowed
568
      authenticated S3 clients to read arbitrary files from proxy servers.
569
      Refer to CVE-2022-47950 for more information.
570

571
    * Constant-time string comparisons are now used when checking S3 API
572
      signatures.
573

574
    * Fixed a path-rewriting bug introduced in Python 3.7.14, 3.8.14, 3.9.14,
575
      and 3.10.6 that could cause some `domain_remap` requests to be routed to
576
      the wrong object.
577

578
    * Improved compatibility with certain FIPS-mode-enabled systems.
579

580
    * Ensure that non-durable data and .meta files are purged from handoffs
581
      after syncing.
582

583

584
swift (2.28.0, OpenStack Xena)
585

586
    * Sharding improvements:
587

588
      * When building a listing from shards, any failure to retrieve
589
        listings will result in a 503 response. Previously, failures
590
        fetching a partiucular shard would result in a gap in listings.
591

592
      * Container-server logs now include the shard path in the referer
593
        field when receiving stat updates.
594

595
      * Added a new config option, `rows_per_shard`, to specify how many
596
        objects should be in each shard when scanning for ranges. The default
597
        is `shard_container_threshold / 2`, preserving existing behavior.
598

599
      * Added a new config option, `minimum_shard_size`. When scanning
600
        for shard ranges, if the final shard would otherwise contain
601
        fewer than this many objects, the previous shard will instead
602
        be expanded to the end of the namespace (and so may contain up
603
        to `rows_per_shard + minimum_shard_size` objects). This reduces
604
        the number of small shards generated. The default value is
605
        `rows_per_shard / 5`.
606

607
      * Added a new config option, `shrink_threshold`, to specify the
608
        absolute size below which a shard will be considered for shrinking.
609
        This overrides the `shard_shrink_point` configuration option, which
610
        expressed this as a percentage of `shard_container_threshold`.
611
        `shard_shrink_point` is now deprecated.
612

613
      * Similar to above, `expansion_limit` was added as an absolute-size
614
        replacement for the now-deprecated `shard_shrink_merge_point`
615
        configuration option.
616

617
      * The sharder now correctly identifies and fails audits for shard
618
        ranges that overlap exactly.
619

620
      * The sharder and swift-manage-shard-ranges now consider total row
621
        count (instead of just object count) when deciding whether a shard
622
        is a candidate for shrinking.
623

624
      * If the sharder encounters shard range gaps while cleaving, it will
625
        now log an error and halt sharding progress. Previously, rows may
626
        not have been moved properly, leading to data loss.
627

628
      * Sharding cycle time and last-completion time are now available via
629
        swift-recon.
630

631
      * Fixed an issue where resolving overlapping shard ranges via shrinking
632
        could prematurely mark created or cleaved shards as active.
633

634
    * `swift-manage-shard-ranges` improvements:
635

636
      * Exit codes are now applied more consistently:
637

638
          - 0 for success
639
          - 1 for an unexpected outcome
640
          - 2 for invalid options
641
          - 3 for user exit
642

643
        As a result, some errors that previously resulted in exit code 2
644
        will now exit with code 1.
645

646
      * Added a new 'repair' command to automatically identify and
647
        optionally resolve overlapping shard ranges.
648

649
      * Added a new 'analyze' command to automatically identify overlapping
650
        shard ranges and recommend a resolution based on a JSON listing
651
        of shard ranges such as produced by the 'show' command.
652

653
      * Added a `--includes` option for the 'show' command to only output
654
        shard ranges that may include a given object name.
655

656
      * Added a `--dry-run` option for the 'compact' command.
657

658
      * The 'compact' command now outputs the total number of compactible
659
        sequences.
660

661
    * S3 API improvements:
662

663
      * Added an option, `ratelimit_as_client_error`, to return 429s for
664
        rate-limited responses. Several clients/SDKs have seem to support
665
        retries with backoffs on 429, and having it as a client error
666
        cleans up logging and metrics. By default, Swift will respond 503,
667
        matching AWS documentation.
668

669
      * Fixed a server error in bucket listings when `s3_acl` is enabled
670
        and staticweb is configured for the container.
671

672
      * Fixed a server error when a client exceeds `client_timeout` during an
673
        upload. Now, a `RequestTimeout` error is correctly returned.
674

675
      * Fixed a server error when downloading multipart uploads/static large
676
        objects that have missing or inaccessible segments. This is a state
677
        that cannot arise in AWS, so a new `BrokenMPU` error is returned,
678
        indicating that retrying the request is unlikely to succeed.
679

680
      * Fixed several issues with the prefix, marker, and delimiter
681
        parameters that would be mirrored back to clients when listing
682
        buckets.
683

684
    * Partition power increase improvements:
685

686
      * The relinker now spawns multiple subprocesses to process disks
687
        in parallel. By default, one worker is spawned per disk; use the
688
        new `--workers` option to control how many subprocesses are used.
689
        Use `--workers=0` to maintain the previous behavior.
690

691
      * The relinker now performs eventlet-hub selection the same way as
692
        other daemons. In particular, `epolls` will no longer be selected,
693
        as it seemed to cause occassional hangs.
694

695
      * The relinker can now target specific storage policies or
696
        partitions by using the new `--policy` and `--partition`
697
        options.
698

699
      * Partitions that encountered errors during relinking are no longer
700
        marked as completed in the relinker state file. This ensures that
701
        a subsequent relink will retry the failed partitions.
702

703
      * Partition cleanup is more robust, decreasing the likelihood of
704
        leaving behind mostly-empty partitions from the old partition
705
        power.
706

707
      * Improved relinker progress logging, and started collecting
708
        progress information for swift-recon.
709

710
      * Cleanup is more robust to files and directories being deleted by
711
        another process.
712

713
      * The relinker better handles data found from earlier partition power
714
        increases.
715

716
      * The relinker better handles tombstones found for the same object
717
        but with different inodes.
718

719
      * The reconciler now defers working on policies that have a partition
720
        power increase in progress to avoid issues with concurrent writes.
721

722
    * Erasure coding fixes:
723

724
      * Added the ability to quarantine EC fragments that have no (or few)
725
        other fragments in the cluster. A new configuration option,
726
        `quarantine_threshold`, in the reconstructor controls the point at
727
        the fragment will be quarantined; the default (0) will never
728
        quarantine. Only fragments older than `quarantine_age` (default:
729
        `reclaim_age`) may be quarantined. Before quarantining, the
730
        reconstructor will attempt to fetch fragments from handoff nodes
731
        in addition to the usual primary nodes; a new `request_node_count`
732
        option (default `2 * replicas`) limits the total number of nodes to
733
        contact.
734

735
      * Added a delay before deleting non-durable data. A new configuration
736
        option, `commit_window` in the `[DEFAULT]` section of
737
        object-server.conf, adjusts this delay; the default is 60 seconds. This
738
        improves the durability of both back-dated PUTs (from the reconciler or
739
        container-sync, for example) and fresh writes to handoffs by preventing
740
        the reconstructor from deleting data that the object-server was still
741
        writing.
742

743
      * Improved proxy-server and object-reconstructor logging when data
744
        cannot be reconstructed.
745

746
      * Fixed an issue where some but not all fragments having metadata
747
        applied could prevent reconstruction of missing fragments.
748

749
      * Server-side copying of erasure-coded data to a replicated policy no
750
        longer copies EC sysmeta. The previous behavior had no material
751
        effect, but could confuse operators examining data on disk.
752

753
    * Python 3 fixes:
754

755
      * Fixed a server error when performing a PUT authorized via
756
        tempurl with some proxy pipelines.
757

758
      * Fixed a server error during GET of a symlink with some proxy
759
        pipelines.
760

761
      * Fixed an issue with logging setup when /dev/log doesn't exist
762
        or is not a UNIX socket.
763

764
    * The container-reconciler now scales out better with new `processes`,
765
      `process`, and `concurrency` options, similar to the object-expirer.
766

767
    * The dark-data audit watcher now skips objects younger than a new
768
      configurable `grace_age` period. This avoids issues where data
769
      could be flagged, quarantined, or deleted because of listing
770
      consistency issues. The default is one week.
771

772
    * The dark-data audit watcher now requires that all primary locations
773
      for an object's container agree that the data does not appear in
774
      listings to consider data "dark". Previously, a network partition
775
      that left an object node isolated could cause it to quarantine or
776
      delete all of its data.
777

778
    * More daemons now support systemd notify sockets.
779

780
    * `EPIPE` errors no longer log tracebacks.
781

782
    * The account and container auditors now log and update recon before
783
      going to sleep.
784

785
    * The object-expirer logs fewer client disconnects.
786

787
    * `swift-recon-cron` now includes the last time it was run in the recon
788
      information.
789

790
    * `EIO` errors during read now cause object diskfiles to be quarantined.
791

792
    * The formpost middleware now properly supports uploading multiple files
793
      with different content-types.
794

795
    * Various other minor bug fixes and improvements.
796

797

798
swift (2.27.0, OpenStack Wallaby)
799

800
    * Added "audit watcher" hooks to allow operators to run arbitrary code
801
      against every diskfile in a cluster. For more information, see
802
      https://docs.openstack.org/swift/latest/development_watchers.html
803

804
    * Added support for system-scoped "reader" roles when authenticating using
805
      Keystone. Operators may configure this using the `system_reader_roles`
806
      option in the `[filter:keystoneauth]` section of their proxy-server.conf.
807

808
      A comparable group, `.reseller_reader`, is now available for development
809
      purposes when authenticating using tempauth.
810

811
    * Allow static large object segments to be deleted asynchronously.
812
      Operators may opt into this new behavior by enabling the new
813
      `allow_async_delete` option in the `[filter:slo]` section
814
      in their proxy-server.conf. For more information, see
815
      https://docs.openstack.org/swift/latest/overview_large_objects.html#deleting-a-large-object
816

817
    * Added the ability to connect to memcached over TLS. See the
818
      `tls_*` options in etc/memcache.conf-sample
819

820
    * The proxy-server now caches 'listing' shards, improving listing
821
      performance for sharded containers. A new config option,
822
      `recheck_listing_shard_ranges`, controls the cache time and defaults to
823
      10 minutes; set it to 0 to disable caching (the previous behavior).
824

825
    * Added a new optional proxy-logging field `{wire_status_int}` for the
826
      status code returned to the client. For more information, see
827
      https://docs.openstack.org/swift/latest/logs.html#proxy-logs
828

829
    * Errors downloading a Static Large Object that cause a shorter-than-expected
830
      response are now logged as 500s.
831

832
    * Memcache client error-limiting is now configurable. See the
833
      `error_suppression_*` options in etc/memcache.conf-sample
834

835
    * Added `tasks_per_second` option to rate-limit the object-expirer.
836

837
    * Added `usedforsecurity` annotations for use on FIPS-compliant systems.
838

839
    * Added an option to write EC fragments with legacy CRC to ensure a smooth
840
      upgrade from liberasurecode<=1.5.0 to >=1.6.2. For more information, see
841
      https://bugs.launchpad.net/liberasurecode/+bug/1886088
842

843
    * **Known Issue**: Operators should verify that encryption is not enabled
844
      in their reconciler pipelines; having it enabled there may harm data
845
      durability. For more information, see https://launchpad.net/bugs/1910804
846

847
    * S3 API improvements:
848

849
      * Fixed a bug that prevented the s3api pipeline validation described in
850
        proxy-server.conf-sample from being performed. As documented, operators
851
        can disable this via the `auth_pipeline_check` option if proxy startup
852
        fails with validation errors.
853

854
      * Make allowable clock skew configurable, with a default value of
855
        15 minutes to match AWS. Note that this was previously hardcoded at
856
        5 minutes; operators may want to preserve the prior behavior by setting
857
        `allowable_clock_skew = 300` in the `[filter:s3api]` section of their
858
        proxy-server.conf.
859

860
      * Fixed an issue where SHA mismatches in client XML payloads would cause
861
        a server error. Swift now correctly responds with a client error about
862
        the bad digest.
863

864
      * Fixed an issue where non-base64 signatures would cause a server error.
865
        Swift now correctly responds with a client error about the invalid
866
        digest.
867

868
      * Container ACLs are now cloned to the `+segments` container when it is
869
        created.
870

871
      * The correct storage policy is now logged for S3 requests.
872

873
      * Added the ability to configure auth region in s3token middleware.
874

875
      * CORS-related headers are now passed through appropriately when using
876
        the S3 API. Note that allowed origins and other container metadata
877
        must still be configured through the Swift API as documented at
878
        https://docs.openstack.org/swift/latest/cors.html
879

880
        Preflight requests do not contain enough information to map a
881
        bucket to an account/container pair; a new cluster-wide option
882
        `cors_preflight_allow_origin` may be configured for such OPTIONS
883
        requests. The default (blank) rejects all S3 preflight requests.
884

885
    * Sharding improvements:
886

887
      * Prevent shard databases from losing track of their root database when
888
        deleted.
889

890
      * Prevent sharded root databases from being reclaimed to ensure that
891
        shards can detect that they have been deleted.
892

893
      * A `--no-auto-shard` option has been added to `swift-container-sharder`.
894

895
      * The sharder daemon has been enhanced to better support the shrinking
896
        of shards that are no longer required. Shard containers will now
897
        discover from their root container if they should be shrinking. They
898
        will also discover the shards into which they should shrink, which may
899
        include the root container itself.
900

901
      * A 'compact' command has been added to `swift-manage-shard-ranges` that
902
        enables sequences of contiguous shards with low object counts to be
903
        compacted into another existing shard, or into the root container.
904

905
      * `swift-manage-shard-ranges` can now accept a config file; this
906
        may be used to ensure consistency of threshold values with the
907
        container-sharder config.
908

909
      * Overlapping shrinking shards no longer generate audit warnings; these
910
        are expected to sometimes overlap.
911

912
      * The sharding progress reports in recon cache now continue to be included
913
        for a period of time after sharding has completed. The time period
914
        may be configured using the `recon_sharded_timeout` option in the
915
        `[container-sharder]` section of container-server.conf, and defaults
916
        to 12 hours.
917

918
      * Add root containers with compactible ranges to recon cache.
919

920
      * Expose sharding statistics in the backend recon middleware.
921

922
    * Replication improvements:
923

924
      * Fixed a race condition in ssync that could lead to a loss of data
925
        durability (or even loss of data, for two-replica policies) when some
926
        object servers have outdated rings. Replication via rsync is likely
927
        still affected by a similar bug.
928

929
      * Non-durable fragments can now be reverted from handoffs.
930

931
      * The post-rsync REPLICATE call no longer recalculates hashes immediately.
932

933
      * Hashes are no longer invalidated after a successful ssync; they were
934
        already invalidated during the data transfer.
935

936
      * Reduced log noise for common ssync errors.
937

938
    * Python 3 fixes:
939

940
      * Added support for Python 3.9.
941

942
      * Staticweb correctly handles listings when paths include non-ASCII
943
        characters.
944

945
      * S3 API now allows multipart uploads with non-ASCII characters in the
946
        object name.
947

948
      * Fixed an import-ordering issue in `swift-dispersion-populate`.
949

950
    * Partition power increase improvements:
951

952
      * Fixed a bug where stale state files would cause misplaced data during
953
        multiple partition power increases.
954

955
      * Removed a race condition that could cause newly-written data to not be
956
        linked into the new partition for the new partition power.
957

958
      * Improved safety during cleanup to ensure files have been relinked
959
        appropriately before unlinking.
960

961
      * Added an option to drop privileges when running the relinker as root.
962

963
      * Added an option to rate-limit how quickly data files are relinked or
964
        cleaned up. This may be used to reduce I/O load during partition power
965
        increases, improving end-user performance.
966

967
      * Rehash partitions during the partition power increase. Previously, we
968
        relied on the replication engine to perform the rehash, which could
969
        cause an unexpected I/O spike after a partition power increase.
970

971
      * Warn when relinking/cleaning up and any disks are unmounted.
972

973
      * Log progress per partition when relinking/cleaning up.
974

975
      * During clean-up, stop warning about tombstones that got reaped from
976
        the new location but not the old.
977

978
      * Added the ability to read options from object-server.conf, similar to
979
        background daemons.
980

981
    * Turned off thread-logging when monkey-patching with eventlet. This
982
      addresses a potential hang in the proxy-server while logging client
983
      disconnects.
984

985
    * Fixed a bug that could cause EC GET responses to return a server error.
986

987
    * Fixed an issue with `swift-drive-audit` when run around New Year's.
988

989
    * Server errors encountered when validating the first segment of a Static or
990
      Dynamic Large Object now return a 503 to the client, rather than a 409.
991

992
    * Errors when setting keys in memcached are now logged. This helps
993
      operators detect when shard ranges for caching have gotten too large to
994
      be stored, for example.
995

996
    * Various other minor bug fixes and improvements.
997

998

999
swift (2.26.0, OpenStack Victoria)
1000

1001
    * Extend concurrent reads to erasure coded policies. Previously, the
1002
      options `concurrent_gets` and `concurrency_timeout` only applied to
1003
      replicated policies.
1004

1005
    * Add a new `concurrent_ec_extra_requests` option to allow the proxy to
1006
      make some extra backend requests immediately. The proxy will respond as
1007
      soon as there are enough responses available to reconstruct.
1008

1009
    * The concurrent read options (`concurrent_gets`, `concurrency_timeout`,
1010
      and `concurrent_ec_extra_requests`) may now be configured per
1011
      storage-policy.
1012

1013
    * Replication servers can now handle all request methods. This allows
1014
      ssync to work with a separate replication network.
1015

1016
    * All background daemons now use the replication network. This allows
1017
      better isolation between external, client-facing traffic and internal,
1018
      background traffic. Note that during a rolling upgrade, replication
1019
      servers may respond with `405 Method Not Allowed`. To avoid this,
1020
      operators should remove the config option `replication_server = true`
1021
      from their replication servers; this will allow them to handle all
1022
      request methods before upgrading.
1023

1024
    * S3 API improvements:
1025

1026
      * Fixed some SignatureDoesNotMatch errors when using the AWS .NET SDK.
1027

1028
      * Add basic read support for object tagging. This improves
1029
        compatibility with AWS CLI version 2. Write support is not
1030
        yet implemented, so the tag set will always be empty.
1031

1032
      * CompleteMultipartUpload requests may now be safely retried.
1033

1034
      * Improved quota-exceeded error messages.
1035

1036
      * Improved logging and statsd metrics. Be aware that this will cause
1037
        an increase in the proxy-logging statsd metrics emited for S3
1038
        responses. However, this should more accurately reflect the state
1039
        of the system.
1040

1041
      * S3 requests are now less demanding on the container layer.
1042

1043
    * Python 3 bug fixes:
1044

1045
      * Fixed an error when reading encrypted data that was written while
1046
        running Python 2 for a path that includes non-ASCII characters. This
1047
        was caused by a difference in string types that resulted in
1048
        ambiguity when decrypting. To prevent the ambiguity for new data, set
1049
        `meta_version_to_write = 3` in your keymaster configuration after
1050
        upgrading all proxy servers.
1051

1052
        If upgrading from Swift 2.20.0 or Swift 2.19.1 or earlier, set
1053
        `meta_version_to_write = 1` in your keymaster configuration prior
1054
        to upgrading.
1055

1056
      * Object expiration respects the `expiring_objects_container_divisor`
1057
        config option.
1058

1059
      * `fallocate_reserve` may be specified as a percentage in more places.
1060

1061
      * The ETag-quoting middleware no longer raises TypeErrors.
1062

1063
    * Sharding improvements:
1064

1065
      * Prevent object updates from auto-creating shard containers. This
1066
        ensures more consistent listings for sharded containers during
1067
        rebalances.
1068

1069
      * Deleted shard containers are no longer considered root containers.
1070
        This prevents unnecessary sharding audit failures and allows the
1071
        deleted shard database to actually be unlinked.
1072

1073
      * `swift-container-info` now summarizes shard range information.
1074
        Pass `-v`/`--verbose` if you want to see all of them.
1075

1076
      * Improved container-sharder stat reporting to reduce load on root
1077
        container databases.
1078

1079
      * Don't inject shard ranges when user quits.
1080

1081
    * Servers now open one listen socket per worker, ensuring each worker
1082
      serves roughly the same number of concurrent connections.
1083

1084
    * Server workers may now be gracefully terminated via `SIGHUP` or
1085
      `SIGUSR1`. The parent process will then spawn a fresh worker.
1086

1087
    * During rebalances, clients should no longer get 404s for data that
1088
      exists but whose replicas are overloaded.
1089

1090
    * Improved cache management for account and container responses.
1091

1092
    * Allow proxy-logging middlewares to be configured more independently.
1093

1094
    * Allow operators to pass either raw or URL-quoted paths to
1095
      swift-get-nodes. Notably, this allows swift-get-nodes to work with
1096
      the reserved namespace used for object versioning.
1097

1098
    * Container read ACLs now work with object versioning. This only
1099
      allows access to the most-recent version via an unversioned URL.
1100

1101
    * Improved how containers reclaim deleted rows to reduce locking and object
1102
      update throughput.
1103

1104
    * Large object reads log fewer client disconnects.
1105

1106
    * Allow ratelimit to be placed multiple times in a proxy pipeline,
1107
      such as both before s3api and auth (to handle swift requests without
1108
      needing to make an auth decision) and after (to limit S3 requests).
1109

1110
    * Shuffle object-updater work. This somewhat reduces the impact a
1111
      single overloaded database has on other containers' listings.
1112

1113
    * Fix a proxy-server error when retrieving erasure coded data when
1114
      there are durable fragments but not enough to reconstruct.
1115

1116
    * Fix an error in the proxy server when finalizing data.
1117

1118
    * Improve performance when increasing partition power.
1119

1120
    * Various other minor bug fixes and improvements.
1121

1122

1123
swift (2.25.1, ussuri stable backports)
1124

1125
    * Python 3 bug fixes:
1126

1127
      * Fixed an error when reading encrypted data that was written while
1128
        running Python 2 for a path that includes non-ASCII characters. This
1129
        was caused by a difference in string types that resulted in
1130
        ambiguity when decrypting. To prevent the ambiguity for new data, set
1131
        `meta_version_to_write = 3` in your keymaster configuration after
1132
        upgrading all proxy servers.
1133

1134
        If upgrading from Swift 2.20.0 or Swift 2.19.1 or earlier, set
1135
        `meta_version_to_write = 1` in your keymaster configuration prior
1136
        to upgrading.
1137

1138
      * Object expiration respects the `expiring_objects_container_divisor`
1139
        config option.
1140

1141
      * `fallocate_reserve` may be specified as a percentage in more places.
1142

1143
      * The ETag-quoting middleware no longer raises TypeErrors.
1144

1145
    * Improved how containers reclaim deleted rows to reduce locking and object
1146
      update throughput.
1147

1148
    * Fix a proxy-server error when retrieving erasure coded data when
1149
      there are durable fragments but not enough to reconstruct.
1150

1151
    * Fixed some SignatureDoesNotMatch errors when using the AWS .NET SDK.
1152

1153
    * Region name config option is now respected when configuring S3 credential
1154
      caching.
1155

1156

1157
swift (2.25.0, OpenStack Ussuri)
1158

1159
    * WSGI server processes can now notify systemd when they are ready.
1160

1161
    * Added `ttfb` (Time to First Byte) and `pid` (Process ID) to the set
1162
      of available proxy-server log fields. For more information, see
1163
      https://docs.openstack.org/swift/latest/logs.html
1164

1165
    * Improved proxy-server performance by reducing unnecessary locking,
1166
      memory copies, and eventlet scheduling.
1167

1168
    * Reduced object-replicator and object-reconstructor CPU usage by only
1169
      checking that the device list is current when rings change.
1170

1171
    * Improved performance of sharded container listings when performing
1172
      prefix listings.
1173

1174
    * Improved container-sync performance when data has already been
1175
      deleted or overwritten.
1176

1177
    * Account quotas are now enforced even on empty accounts.
1178

1179
    * Getting an SLO manifest with `?format=raw` now responds with an ETag
1180
      that matches the MD5 of the generated body rather than the MD5 of
1181
      the manifest stored on disk.
1182

1183
    * Provide useful status codes in logs for some versioning and symlink
1184
      subrequests that were previously logged as 499.
1185

1186
    * Fixed 500 from cname_lookup middleware. Previously, if the looked-up
1187
      domain was used by domain_remap to update the request path, the
1188
      server would respond Internal Error.
1189

1190
    * On Python 3, fixed an issue when reading or writing objects with a
1191
      content-type like `message/*`. Previously, Swift would fail to respond.
1192

1193
    * On Python 3, fixed a RecursionError in swift-dispersion-report when
1194
      using TLS.
1195

1196
    * Fixed a bug in the new object versioning API that would cause more
1197
      than `limit` results to be returned when listing.
1198

1199
    * Various other minor bug fixes and improvements.
1200

1201

1202
swift (2.24.0)
1203

1204
    * Added a new object versioning mode, with APIs for querying and
1205
      accessing old versions. For more information, see the documentation
1206
      at https://docs.openstack.org/swift/latest/middleware.html#module-swift.common.middleware.versioned_writes.object_versioning
1207

1208
    * Added support for S3 versioning using the above new mode.
1209

1210
    * Added a new middleware to allow accounts and containers to opt-in to
1211
      RFC-compliant ETags. This may be useful when using Swift as an origin
1212
      for some content delivery networks. For more information, see the
1213
      documentation at https://docs.openstack.org/swift/latest/middleware.html#module-swift.common.middleware.etag_quoter
1214
      Clients should be aware of the fact that ETags may be quoted for RFC
1215
      compliance; this may become the default behavior in some future release.
1216

1217
    * Proxy, account, container, and object servers now support "seamless
1218
      reloads" via `SIGUSR1`. This is similar to the existing graceful
1219
      restarts but keeps the server socket open the whole time, reducing
1220
      service downtime.
1221

1222
    * New buckets created via the S3 API will now store multi-part upload
1223
      data in the same storage policy as other data rather than the
1224
      cluster's default storage policy.
1225

1226
    * Device region and zone can now be changed via `swift-ring-builder`.
1227
      Note that this may cause a lot of data movement on the next rebalance
1228
      as the builder tries to reach full dispersion.
1229

1230
    * Added support for Python 3.8.
1231

1232
    * The container sharder can now handle containers with special
1233
      characters in their names.
1234

1235
    * Internal client no longer logs object DELETEs as status 499.
1236

1237
    * Objects with an `X-Delete-At` value in the far future no longer cause
1238
      backend server errors.
1239

1240
    * The bulk extract middleware once again allows clients to specify metadata
1241
      (including expiration timestamps) for all objects in the archive.
1242

1243
    * Container sync now synchronizes static symlinks in a way similar to
1244
      static large objects.
1245

1246
    * `swift_source` is set for more sub-requests in the proxy-server. See
1247
      https://docs.openstack.org/swift/latest/logs.html#swift-source
1248

1249
    * Errors encountered while validating static symlink targets no longer
1250
      cause BadResponseLength errors in the proxy-server.
1251

1252
    * On Python 3, the KMS keymaster now works with secrets stored
1253
      in Barbican with a text/plain payload-content-type.
1254

1255
    * On Python 3, the formpost middleware now works with unicode file names.
1256

1257
    * Several utility scripts now work better on Python 3:
1258

1259
      * swift-account-audit
1260

1261
      * swift-dispersion-populate
1262

1263
      * swift-drive-recon
1264

1265
      * swift-recon
1266

1267
    * On Python 3, certain S3 API headers are now lower case as they
1268
      would be coming from AWS.
1269

1270
    * Per-service `auto_create_account_prefix` settings are now deprecated
1271
      and may be ignored in a future release; if you need to use this, please
1272
      set it in the `[swift-constraints]` section of /etc/swift/swift.conf.
1273

1274
    * Various other minor bug fixes and improvements.
1275

1276

1277
swift (2.23.3, train stable backports)
1278

1279
    * Sharding improvements:
1280

1281
      * Prevent object updates from auto-creating shard containers. This
1282
        ensures more consistent listings for sharded containers during
1283
        rebalances.
1284

1285
      * Deleted shard containers are no longer considered root containers.
1286
        This prevents unnecessary sharding audit failures and allows the
1287
        deleted shard database to actually be unlinked.
1288

1289
      * The sharder daemon has been enhanced to better support the shrinking
1290
        of shards that are no longer required. Shard containers will now
1291
        discover from their root container if they should be shrinking. They
1292
        will also discover the shards into which they should shrink, which may
1293
        include the root container itself.
1294

1295
      * Improved performance of sharded container listings when performing
1296
        prefix listings.
1297

1298
      * Improved container-sharder stat reporting to reduce load on root
1299
        container databases.
1300

1301
      * The container sharder can now handle containers with special
1302
        characters in their names.
1303

1304
      * `swift-container-info` now summarizes shard range information.
1305
        Pass `-v`/`--verbose` if you want to see all of them.
1306

1307
      * Don't inject shard ranges when user quits.
1308

1309
      * Various other minor bug fixes and improvements.
1310

1311
    * Python 3 bug fixes:
1312

1313
      * Fixed a potential server error when uploading data via a tempurl.
1314

1315
      * Fixed a potential server error when getting symlink details.
1316

1317
    * Added the ability to connect to memcached over TLS. See the
1318
      `tls_*` options in etc/memcache.conf-sample
1319

1320

1321
swift (2.23.2, train stable backports)
1322

1323
    * Python 3 bug fixes:
1324

1325
      * Fixed an error when reading encrypted data that was written while
1326
        running Python 2 for a path that includes non-ASCII characters. This
1327
        was caused by a difference in string types that resulted in
1328
        ambiguity when decrypting. To prevent the ambiguity for new data, set
1329
        `meta_version_to_write = 3` in your keymaster configuration after
1330
        upgrading all proxy servers.
1331

1332
        If upgrading from Swift 2.20.0 or Swift 2.19.1 or earlier, set
1333
        `meta_version_to_write = 1` in your keymaster configuration prior
1334
        to upgrading.
1335

1336
      * Fixed an issue when reading or writing objects with a content-type
1337
        like `message/*`. Previously, Swift would fail to respond.
1338

1339
      * Object expiration respects the `expiring_objects_container_divisor`
1340
        config option.
1341

1342
      * `fallocate_reserve` may be specified as a percentage in more places.
1343

1344
      * The formpost middleware now works with unicode file names.
1345

1346
      * Certain S3 API headers are now lower case as they would be coming
1347
        from AWS.
1348

1349
    * Improved how containers reclaim deleted rows to reduce locking and object
1350
      update throughput.
1351

1352
    * Fix a proxy-server error when retrieving erasure coded data when
1353
      there are durable fragments but not enough to reconstruct.
1354

1355
    * Fixed 500 from cname_lookup middleware. Previously, if the looked-up
1356
      domain was used by domain_remap to update the request path, the
1357
      server would respond Internal Error.
1358

1359
    * The bulk extract middleware once again allows clients to specify metadata
1360
      (including expiration timestamps) for all objects in the archive.
1361

1362
    * Errors encountered while validating static symlink targets no longer
1363
      cause BadResponseLength errors in the proxy-server.
1364

1365
    * Fixed some SignatureDoesNotMatch errors when using the AWS .NET SDK.
1366

1367
    * Various other minor bug fixes and improvements.
1368

1369

1370
swift (2.23.1, train stable backports)
1371

1372
    * On Python 3, the KMS keymaster now works with secrets stored
1373
      in Barbican with a text/plain payload-content-type.
1374

1375
    * Several utility scripts now work better on Python 3:
1376

1377
      * swift-account-audit
1378

1379
      * swift-dispersion-populate
1380

1381
      * swift-drive-recon
1382

1383
      * swift-recon
1384

1385

1386
swift (2.23.0, OpenStack Train)
1387

1388
    * Python 3.6 and 3.7 are now fully supported. Several py3-related
1389
      fixes are included:
1390

1391
      * Removed a request-smuggling vector when running a mixed
1392
        py2/py3 cluster.
1393

1394
      * Allow fallocate_reserve to be specified as a percentage.
1395

1396
      * Fixed listings for sharded containers.
1397

1398
      * Fixed non-ASCII account metadata handling.
1399

1400
      * Fixed rsync output parsing.
1401

1402
      * Fixed some title-casing of headers.
1403

1404
      If you've been testing Swift on Python 3, upgrade at your earliest
1405
      convenience.
1406

1407
    * Added "static symlinks", which perform some validation as they
1408
      follow redirects and include more information about their target
1409
      in container listings.
1410

1411
    * Multi-character strings may now be used as delimiters in account
1412
      and container listings.
1413

1414
    * Sharding improvements
1415

1416
      * Container metadata related to sharding are now removed when no
1417
        longer needed.
1418

1419
      * Empty container databases (such as might be created on handoffs)
1420
        now shard much more quickly.
1421

1422
    * The proxy-server now ignores 404 responses from handoffs that have
1423
      no data when deciding on the correct response for object requests,
1424
      similar to what it already does for account and container requests.
1425

1426
    * Static Large Object sizes in listings for versioned containers are
1427
      now more accurate.
1428

1429
    * When refetching Static Large Object manifests, non-manifest responses
1430
      are now handled better.
1431

1432
    * S3 API now translates 503 Service Unavailable responses to a more
1433
      S3-like response instead of raising an error.
1434

1435
    * Improved proxy-to-backend requests to be more RFC-compliant.
1436

1437
    * Dependency update: eventlet must be at least 0.25.0. This also
1438
      dragged forward minimum-supported versions of dnspython (1.15.0),
1439
      greenlet (0.3.2), and six (1.10.0).
1440

1441
    * Various other minor bug fixes and improvements.
1442

1443

1444
swift (2.22.0)
1445

1446
    * Experimental support for Python 3.6 and 3.7 is now available.
1447
      Note that this requires eventlet>=0.25.0. All unit tests pass,
1448
      and running functional tests under Python 2 will pass against
1449
      services running under Python 3. Expect full support in the
1450
      next minor release.
1451

1452
    * Log formats are now more configurable and include support for
1453
      anonymization. See the log_msg_template option in proxy-server.conf
1454
      and https://docs.openstack.org/swift/latest/logs.html#proxy-logs
1455
      for more information.
1456

1457
    * Added an operator tool, swift-container-deleter, to asynchronously
1458
      delete some or all objects in a container using the object expirers.
1459

1460
    * Swift-all-in-one Docker images are now built and published to
1461
      https://hub.docker.com/r/openstackswift/saio. These are intended
1462
      for use as development targets, but will hopefully be useful as a
1463
      starting point for other work involving containerizing Swift.
1464

1465
    * The object-expirer may now be configured in object-server.conf.
1466
      This is in anticipation of a future change to allow the
1467
      object-expirer to be deployed on all nodes that run object-servers.
1468

1469
    * Correctness improvements
1470

1471
      * The proxy-server now ignores 404 responses from handoffs without
1472
        databases when deciding on the correct response for account and
1473
        container requests.
1474

1475
      * Object writes to a container whose existence cannot be verified
1476
        now 503 instead of 404.
1477

1478
    * Sharding improvements
1479

1480
      * The container-replicator now only attempts to fetch shard ranges if
1481
        the remote indicates that it has shard ranges. Further, it does so
1482
        with a timeout to prevent the process from hanging in certain cases.
1483

1484
      * The proxy-server now caches 'updating' shards, improving write
1485
        performance for sharded containers. A new config option,
1486
        `recheck_updating_shard_ranges`, controls the cache time; set it to
1487
        0 to disable caching.
1488

1489
      * The container-replicator now correctly enqueues container-reconciler
1490
        work for sharded containers.
1491

1492
    * S3 API improvements
1493

1494
      * Unsigned payloads work with v4 signatures once more.
1495

1496
      * Multipart upload parts may now be copied from other multipart uploads.
1497

1498
      * CompleteMultipartUpload requests with a Content-MD5 now work.
1499

1500
      * Content-Type can now be updated when copying an object.
1501

1502
      * Fixed v1 listings that end with a non-ASCII object name.
1503

1504
    * Background corruption-detection improvements
1505

1506
      * Detect and remove invalid entries from hashes.pkl
1507

1508
      * When object path is not a directory, just quarantine it,
1509
        rather than the whole suffix.
1510

1511
    * Dependency updates: we've increased our minimum supported version
1512
      of cryptography to 2.0.2 and netifaces to 0.8. This is largely due
1513
      to the difficulty of continuing to test with the old versions.
1514

1515
      If running Swift under Python 3, eventlet must be at least 0.25.0.
1516

1517
    * Various other minor bug fixes and improvements.
1518

1519

1520
swift (2.21.1, stein stable backports)
1521

1522
    * Sharding improvements
1523

1524
      * The container-replicator now only attempts to fetch shard ranges if
1525
        the remote indicates that it has shard ranges. Further, it does so
1526
        with a timeout to prevent the process from hanging in certain cases.
1527

1528
      * The container-replicator now correctly enqueues container-reconciler
1529
        work for sharded containers.
1530

1531
      * Container metadata related to sharding are now removed when no
1532
        longer needed.
1533

1534
    * S3 API improvements
1535

1536
      * Unsigned payloads work with v4 signatures once more.
1537

1538
      * Multipart upload parts may now be copied from other multipart uploads.
1539

1540
      * CompleteMultipartUpload requests with a Content-MD5 now work.
1541

1542
      * Content-Type can now be updated when copying an object.
1543

1544
      * Fixed v1 listings that end with a non-ASCII object name.
1545

1546
    * Background corruption-detection improvements
1547

1548
      * Detect and remove invalid entries from hashes.pkl
1549

1550
      * When object path is not a directory, just quarantine it,
1551
        rather than the whole suffix.
1552

1553
    * Static Large Object sizes in listings for versioned containers are
1554
      now more accurate.
1555

1556
    * When refetching Static Large Object manifests, non-manifest responses
1557
      are now handled better.
1558

1559
    * Cross-account symlinks now store correct account information in
1560
      container listings. This was previously fixed in 2.22.0.
1561

1562
    * Requesting multiple ranges from a Dynamic Large Object now returns the
1563
      entire object instead of incorrect data. This was previously fixed in
1564
      2.23.0.
1565

1566
    * When making backend requests, the proxy-server now ensures query
1567
      parameters are always properly quoted. Previously, the proxy would
1568
      encounter an error on Python 2.7.17 if the client included non-ASCII
1569
      query parameters in object requests. This was previously fixed in
1570
      2.23.0.
1571

1572

1573
swift (2.21.0, OpenStack Stein)
1574

1575
    * Change the behavior of the EC reconstructor to perform a
1576
      fragment rebuild to a handoff node when a primary peer responds
1577
      with 507 to the REPLICATE request. This changes EC to match the
1578
      existing behavior of replication when drives fail. After a
1579
      rebalance of EC rings (potentially removing unmounted/failed
1580
      devices), it's most IO efficient to run in handoffs_only mode to
1581
      avoid unnecessary rebuilds.
1582

1583
    * O_TMPFILE support is now detected by attempting to use it
1584
      instead of looking at the kernel version. This allows older
1585
      kernels with backported patches to take advantage of the
1586
      O_TMPFILE functionality.
1587

1588
    * Add slo_manifest_hook callback to allow other middlewares to
1589
      impose additional constraints on or make edits to SLO manifests
1590
      before being written. For example, a middleware could enforce
1591
      minimum segment size or insert data segments.
1592

1593
    * Fixed an issue with multi-region EC policies that caused the EC
1594
      reconstructor to constantly attempt cross-region rebuild
1595
      traffic.
1596

1597
    * Fixed an issue where S3 API v4 signatures would not be validated
1598
      against the body of the request, allowing a replay attack if
1599
      request headers were captured by a malicious third party.
1600

1601
    * Display crypto data/metadata details in swift-object-info.
1602

1603
    * formpost can now accept a content-encoding parameter.
1604

1605
    * Fixed an issue where multipart uploads with the S3 API would
1606
      sometimes report an error despite all segments being upload
1607
      successfully.
1608

1609
    * Multipart object segments are now actually deleted when the
1610
      multipart object is deleted via the S3 API.
1611

1612
    * Swift now returns a 503 (instead of a 500) when an account
1613
      auto-create fails.
1614

1615
    * Fixed a bug where encryption would store the incorrect key
1616
      metadata if the object name starts with a slash.
1617

1618
    * Fixed an issue where an object server failure during a client
1619
      download could leave an open socket between the proxy and
1620
      client.
1621

1622
    * Fixed an issue where deleted EC objects didn't have their
1623
      on-disk directories cleaned up. This would cause extra resource
1624
      usage on the object servers.
1625

1626
    * Fixed issue where bulk requests using xml and expect
1627
      100-continue would return a malformed HTTP response.
1628

1629
    * Various other minor bug fixes and improvements.
1630

1631

1632
swift (2.20.0)
1633

1634
    * S3 API compatibility updates
1635

1636
      * Swift can now cache the S3 secret from Keystone to use for
1637
        subsequent requests. This functionality is disabled by default but
1638
        can be enabled by setting the `secret_cache_duration` in the s3token
1639
        section of the proxy server config to a number greater than 0.
1640

1641
      * s3api now mimics the AWS S3 behavior of periodically sending
1642
        whitespace characters on a Complete Multipart Upload request to keep
1643
        the connection from timing out. Note that since a request could fail
1644
        after the initial 200 OK response has been sent, it is important to
1645
        check the response body to determine if the request succeeded.
1646

1647
      * s3api now properly handles x-amz-metadata-directive headers on
1648
        COPY operations.
1649

1650
      * s3api now uses concurrency (default 2) to handle multi-delete
1651
        requests. This allows multi-delete requests to be processed much
1652
        more quickly.
1653

1654
      * s3api now mimics some forms of AWS server-side encryption
1655
        based on whether Swift's at-rest encryption functionality is enabled.
1656
        Note that S3 API users are now able to know more about how the
1657
        cluster is configured than they were previously, ie knowledge of
1658
        encryption at-rest functionality being enabled or not.
1659

1660
      * s3api responses now include a '-' in multipart ETags.
1661

1662
        For new multipart-uploads via the S3 API, the ETag that is
1663
        stored will be calculated in the same way that AWS uses. This
1664
        ETag will be used in GET/HEAD responses, bucket listings, and
1665
        conditional requests via the S3 API. Accessing the same object
1666
        via the Swift API will use the SLO Etag; however, in JSON
1667
        container listings the multipart upload etag will be exposed
1668
        in a new "s3_etag" key. Previously, some S3 clients would complain
1669
        about download corruption when the ETag did not have a '-'.
1670

1671
      * S3 ETag for SLOs now include a '-'.
1672

1673
        Ordinary objects in S3 use the MD5 of the object as the ETag,
1674
        just like Swift. Multipart Uploads follow a different format, notably
1675
        including a dash followed by the number of segments. To that end
1676
        (and for S3 API requests *only*), SLO responses via the S3 API have a
1677
        literal '-N' added on the end of the ETag.
1678

1679
      * The default location is now set to "us-east-1". This is more likely
1680
        to be the default region that a client will try when using v4
1681
        signatures.
1682

1683
        Deployers with clusters that relied on the old implicit default
1684
        location of "US" should explicitly set `location = US` in the
1685
        `[filter:s3api]` section of proxy-server.conf before upgrading.
1686

1687
      * Add basic support for ?versions bucket listings. We still do not
1688
        have support for toggling S3 bucket versioning, but we can at least
1689
        support getting the latest versions of all objects.
1690

1691
    * Fixed an issue with SSYNC requests to ensure that only one request
1692
      can be running on a partition at a time.
1693

1694
    * Data encryption updates
1695

1696
      * The kmip_keymaster middleware can now be configured directly in the
1697
        proxy-server config file. The existing behavior of using an external
1698
        config file is still supported.
1699

1700
      * Multiple keymaster middlewares are now supported. This allows
1701
        migration from one key provider to another.
1702

1703
        Note that secret_id values must remain unique across all keymasters
1704
        in a given pipeline. If they are not unique, the right-most keymaster
1705
        will take precedence.
1706

1707
        When looking for the active root secret, only the right-most
1708
        keymaster is used.
1709

1710
      * Prevent PyKMIP's kmip_protocol logger from logging at DEBUG.
1711
        Previously, some versions of PyKMIP would include all wire
1712
        data when the root logger was configured to log at DEBUG; this
1713
        could expose key material in logs. Only the kmip_keymaster was
1714
        affected.
1715

1716
    * Fixed an issue where a failed drive could prevent the container sharder
1717
      from making progress.
1718

1719
    * Storage policy definitions in swift.conf can now define the diskfile
1720
      to use to access objects. See the included swift.conf-sample file for
1721
      a description of usage.
1722

1723
    * The EC reconstructor will now attempt to remove empty directories
1724
      immediately, while the inodes are still cached, rather than waiting
1725
      until the next run.
1726

1727
    * Added a keep_idle config option to configure KEEPIDLE time for TCP
1728
      sockets. The default value is the old constant of 600.
1729

1730
    * Add databases_per_second to the account-replicator,
1731
      container-replicator, and container-sharder. This prevents them from
1732
      using a full CPU core when they are not IO limited.
1733

1734
    * Allow direct_client users to overwrite the X-Timestamp header.
1735

1736
    * Various other minor bug fixes and improvements.
1737

1738

1739
swift (2.19.2, rocky stable backports)
1740

1741
    * Sharding improvements
1742

1743
      * The container-replicator now only attempts to fetch shard ranges if
1744
        the remote indicates that it has shard ranges. Further, it does so
1745
        with a timeout to prevent the process from hanging in certain cases.
1746

1747
      * The container-replicator now correctly enqueues container-reconciler
1748
        work for sharded containers.
1749

1750
    * S3 API improvements
1751

1752
      * Fixed an issue where v4 signatures would not be validated against
1753
        the body of the request, allowing a replay attack if request headers
1754
        were captured by a malicious third party. Note that unsigned payloads
1755
        still function normally.
1756

1757
      * CompleteMultipartUpload requests with a Content-MD5 now work.
1758

1759
      * Fixed v1 listings that end with a non-ASCII object name.
1760

1761
      * Multipart object segments are now actually deleted when the
1762
        multipart object is deleted via the S3 API.
1763

1764
      * Fixed an issue that caused Delete Multiple Objects requests with
1765
        large bodies to 400. This was previously fixed in 2.20.0.
1766

1767
      * Fixed an issue where non-ASCII Keystone EC2 credentials would not get
1768
        mapped to the correct account. This was previously fixed in 2.20.0.
1769

1770
    * Background corruption-detection improvements
1771

1772
      * Detect and remove invalid entries from hashes.pkl
1773

1774
      * When object path is not a directory, just quarantine it,
1775
        rather than the whole suffix.
1776

1777

1778
    * Fixed a bug where encryption would store the incorrect key
1779
      metadata if the object name starts with a slash.
1780

1781
    * Fixed an issue where an object server failure during a client
1782
      download could leave an open socket between the proxy and
1783
      client.
1784

1785
    * Static Large Object sizes in listings for versioned containers are
1786
      now more accurate.
1787

1788
    * When refetching Static Large Object manifests, non-manifest responses
1789
      are now handled better.
1790

1791
    * Cross-account symlinks now store correct account information in
1792
      container listings. This was previously fixed in 2.22.0.
1793

1794
    * Requesting multiple ranges from a Dynamic Large Object now returns the
1795
      entire object instead of incorrect data. This was previously fixed in
1796
      2.23.0.
1797

1798
    * When making backend requests, the proxy-server now ensures query
1799
      parameters are always properly quoted. Previously, the proxy would
1800
      encounter an error on Python 2.7.17 if the client included non-ASCII
1801
      query parameters in object requests. This was previously fixed in
1802
      2.23.0.
1803

1804

1805
swift (2.19.1, rocky stable backports)
1806

1807
    * Prevent PyKMIP's kmip_protocol logger from logging at DEBUG.
1808
      Previously, some versions of PyKMIP would include all wire
1809
      data when the root logger was configured to log at DEBUG; this
1810
      could expose key material in logs. Only the kmip_keymaster was
1811
      affected.
1812

1813
    * Fixed an issue where a failed drive could prevent the container sharder
1814
      from making progress.
1815

1816
    * Fixed a bug in how Swift uses eventlet that was exposed under high
1817
      concurrency.
1818

1819

1820
swift (2.19.0, OpenStack Rocky)
1821

1822
    * TempURLs now support IP range restrictions. Please see
1823
      https://docs.openstack.org/swift/latest/middleware.html#client-usage
1824
      for more information on how to use this additional restriction.
1825

1826
    * Add support for multiple root encryption secrets for the trivial
1827
      and KMIP keymasters. This allows operators to rotate encryption
1828
      keys over time without needing to re-encrypt all existing data
1829
      in the cluster. Please see the included sample config files for
1830
      instructions on how to multiple encryption keys.
1831

1832
    * The object updater now supports two configuration settings:
1833
      "concurrency" and "updater_workers". The latter controls how many
1834
      worker processes are spawned, while the former controls how many
1835
      concurrent container updates are performed by each worker
1836
      process. This should speed the processing of async_pendings.
1837

1838
      On upgrade, a node configured with concurrency=N will still handle
1839
      async updates N-at-a-time, but will do so using only one process
1840
      instead of N.
1841

1842
      If you have a config file like this:
1843

1844
          [object-updater]
1845
          concurrency = <N>
1846

1847
      and you want to take advantage of faster updates, then do this:
1848

1849
          [object-updater]
1850
          concurrency = 8  # the default; you can omit this line
1851
          updater_workers = <N>
1852

1853
      If you want updates to be processed exactly as before, do this:
1854

1855
          [object-updater]
1856
          concurrency = 1
1857
          updater_workers = <N>
1858

1859
    * When listing objects in a container in json format, static large
1860
      objects (SLOs) will now include an additional new "slo_etag" key
1861
      that matches the etag returned when requesting the SLO. The
1862
      existing "hash" key remains unchanged as the MD5 of the SLO
1863
      manifest. Text and XML listings are unaffected by this change.
1864

1865
    * Log deprecation warnings for `run_pause`. This setting was
1866
      deprecated in Swift 2.4.0 and is replaced by `interval`.
1867
      It may be removed in a future release.
1868

1869
    * Object reconstructor logs are now prefixed with information
1870
      about the specific worker process logging the message. This
1871
      makes reading the logs and understanding the messages much simpler.
1872

1873
    * Lower bounds of dependencies have been updated to reflect what
1874
      is actually tested.
1875

1876
    * SSYNC replication mode now removes as much of the directory
1877
      structure as possible as soon at it observes that the directory
1878
      is empty. This reduces the work needed for subsequent replication
1879
      passes.
1880

1881
    * The container-updater now reports zero objects and bytes used for
1882
      child DBs in sharded containers. This prevents double-counting in
1883
      utilization reports.
1884

1885
    * Add fallocate_reserve to account and container servers. This
1886
      allows disks shared between account/container and object rings to
1887
      avoid getting 100% full. The default value of 1% matches the
1888
      existing default on object servers.
1889

1890
    * Added an experimental `swift-ring-composer` CLI tool to build
1891
      composite rings.
1892

1893
    * Added an optional `read_only` middleware to make an entire cluster
1894
      or individual accounts read only.
1895

1896
    * Fixed a bug where zero-byte PUTs would not work properly
1897
      with "If-None-Match: *" conditional requests.
1898

1899
    * ACLs now work with unicode in user/account names.
1900

1901
    * COPY now works with unicode account names.
1902

1903
    * Improved S3 API compatibility.
1904

1905
    * Lock timeouts in the container updater are now logged at INFO
1906
      level, not ERROR.
1907

1908
    * Various other minor bug fixes and improvements.
1909

1910

1911
swift (2.18.0)
1912

1913
    * Added container sharding, an operator controlled feature that
1914
      may be used to shard very large container databases into a
1915
      number of smaller shard containers. This mitigates the issues
1916
      with one large DB by distributing the data across multiple
1917
      smaller databases throughout the cluster. Please read the full
1918
      overview at
1919
      https://docs.openstack.org/swift/latest/overview_container_sharding.html
1920

1921
    * Provide an S3 API compatibility layer. The external "swift3"
1922
      project has been imported into Swift's codebase as the "s3api"
1923
      middleware.
1924

1925
    * Added "emergency mode" hooks in the account and container replicators.
1926
      These options may be used to prioritize moving handoff
1927
      partitions to primary locations more quickly. This helps when
1928
      adding capacity to a ring.
1929

1930
      - Added `-d <devs>` and `-p <partitions>` command line options.
1931

1932
      - Added a handoffs-only mode.
1933

1934
    * Add a multiprocess mode to the object replicator. Setting the
1935
      "replicator_workers" setting to a positive value N will result
1936
      in the replicator using up to N worker processes to perform
1937
      replication tasks. At most one worker per disk will be spawned.
1938

1939
      Worker process logs will have a bit of information prepended so
1940
      operators can tell which messages came from which worker. The
1941
      prefix is "[worker M/N pid=P] ", where M is the worker's index,
1942
      N is the total number of workers, and P is the process ID. Every
1943
      message from the replicator's logger will have the prefix
1944

1945
    * The object reconstructor will now fork all available worker
1946
      processes when operating on a subset of local devices.
1947

1948
    * Add support for PROXY protocol v1 to the proxy server. This
1949
      allows the Swift proxy server to log accurate client IP
1950
      addresses when there is a proxy or SSL-terminator between the
1951
      client and the Swift proxy server.  Example servers supporting
1952
      this PROXY protocol include stunnel, haproxy, hitch, and
1953
      varnish. See the sample proxy server config file for the
1954
      appropriate config setting to enable or disable this
1955
      functionality.
1956

1957
    * In the ratelimit middleware, account whitelist and blacklist
1958
      settings have been deprecated and may be removed in a future
1959
      release. When found, a deprecation message will be logged.
1960
      Instead of these config file values, set X-Account-Sysmeta-
1961
      Global-Write-Ratelimit:WHITELIST and X-Account-Sysmeta-Global-
1962
      Write-Ratelimit:BLACKLIST on the particular accounts that need
1963
      to be whitelisted or blacklisted. System metadata cannot be added
1964
      or modified by standard clients. Use the internal client to set sysmeta.
1965

1966
    * Add a --drop-prefixes flag to swift-account-info,
1967
      swift-container-info, and swift-object-info. This makes the
1968
      output between the three more consistent.
1969

1970
    * statsd error messages correspond to 5xx responses only. This
1971
      makes monitoring more useful because actual errors (5xx) will
1972
      not be hidden by common user requests (4xx). Previously, some 4xx
1973
      responses would be included in timing information in the statsd
1974
      error messages.
1975

1976
    * Truncate error logs to prevent log handler from running out of buffer.
1977

1978
    * Updated requirements.txt to match global exclusions and formatting.
1979

1980
    * tempauth user names now support unicode characters.
1981

1982
    * Various other minor bug fixes and improvements.
1983

1984

1985
swift (2.17.1, queens stable backports)
1986

1987
    * Fix SLO delete for accounts with non-ASCII names.
1988

1989
    * Fixed an issue in COPY where concurrent requests may have copied the
1990
      wrong data.
1991

1992
    * Fixed a bug in how Swift uses eventlet that was exposed under high
1993
      concurrency.
1994

1995

1996
swift (2.17.0, OpenStack Queens)
1997

1998
    * Added symlink objects support.
1999

2000
      Symlink objects reference one other object. They are created by
2001
      creating an empty object with an X-Symlink-Target header. The value of
2002
      the header is of the format <container>/<object>, and the target does
2003
      not need to exist at the time of symlink creation. Cross-account
2004
      symlinks can be created by including the
2005
      X-Symlink-Target-Account header.
2006

2007
      GET and HEAD requests to a symlink will operate on the
2008
      referenced object and require appropriate permission in the
2009
      target container. DELETE and PUT requests will operate on the
2010
      symlink object itself. POST requests are not forwarded to the
2011
      referenced object. POST requests sent to a symlink will result
2012
      in a 307 Temporary Redirect response.
2013

2014
    * Added support for inline data segments in SLO manifests.
2015

2016
      Upgrade impact: during a rolling upgrade, an updated proxy server
2017
      may write a manifest that an out-of-date proxy server will not be
2018
      able to read. This will resolve itself once the upgrade completes
2019
      on all nodes.
2020

2021
    * The tempurl digest algorithm is now configurable, and Swift added
2022
      support for both SHA-256 and SHA-512. Supported tempurl digests
2023
      are exposed to clients in `/info`. Additionally, tempurl signatures
2024
      can now be base64 encoded.
2025

2026
    * Object expiry improvements
2027

2028
      - Disallow X-Delete-At header values equal to the X-Timestamp header.
2029

2030
      - X-Delete-At computation now uses X-Timestamp instead of
2031
        system time. This prevents clock skew causing inconsistent
2032
        expiry data.
2033

2034
      - Deleting an expiring object will now cause less work in the system.
2035
        The number of async pending files written has been reduced for all
2036
        objects and greatly reduced for erasure-coded objects. This
2037
        dramatically reduces the burden on container servers.
2038

2039
      - Stopped logging tracebacks when receiving an unexpected response.
2040

2041
      - Allow the expirer to gracefully move past updating stale work items.
2042

2043
    * When the object auditor examines an object, it will now add any
2044
      missing metadata checksums.
2045

2046
    * `swift-ring-builder` improvements
2047

2048
      - Save the ring when dispersion improves, even if balance
2049
        doesn't improve.
2050

2051
      - Improved the granularity of the ring dispersion metric so that
2052
        small improvements after a rebalance can show changes in the
2053
        dispersion number. Dispersion in existing and new rings can be
2054
        recalculated using the new '--recalculate' option to
2055
        `swift-ring-builder`.
2056

2057
      - Display more info on empty rings.
2058

2059
    * Fixed rare socket leak on range requests to erasure-coded objects.
2060

2061
    * The number of container updates on object PUTs (ie to update listings)
2062
      has been recomputed to be far more efficient while maintaining
2063
      durability guarantees. Specifically, object PUTs to erasure-coded
2064
      policies will now normally result in far fewer container updates.
2065

2066
    * Moved Zuul v3 tox jobs into the Swift code repo.
2067

2068
    * Changed where liberasurecode-devel for CentOS 7 is referenced and
2069
      installed as a dependency.
2070

2071
    * Added container/object listing with prefix to InternalClient.
2072

2073
    * Added '--swift-versions' to `swift-recon` CLI to compare installed
2074
      versions in the cluster.
2075

2076
    * Stop logging tracebacks in the `object-replicator` when it runs
2077
      out of handoff locations.
2078

2079
    * Send ETag header in 206 Partial Content responses to SLO reads.
2080

2081
    * Now `swift-recon-cron` works with conf.d configs.
2082

2083
    * Improved `object-updater` stats logging. It now tells you all of
2084
      its stats (successes, failures, quarantines due to bad pickles,
2085
      unlinks, and errors), and it tells you incremental progress every
2086
      five minutes. The logging at the end of a pass remains and has
2087
      been expanded to also include all stats.
2088

2089
    * If a proxy server is configured to autocreate accounts and the
2090
      account create fails, it will now return a server error (500)
2091
      instead of Not Found (404).
2092

2093
    * Fractional replicas are no longer allowed for erasure code policies.
2094

2095
    * Various other minor bug fixes and improvements.
2096

2097

2098
swift (2.16.0)
2099

2100
    * Add checksum to object extended attributes.
2101

2102
    * Let clients request heartbeats during SLO PUTs by including
2103
      the query parameter `heartbeat=on`.
2104

2105
      With heartbeating turned on, the proxy will start its response
2106
      immediately with 202 Accepted then send a single whitespace
2107
      character periodically until the request completes. At that
2108
      point, a final summary chunk will be sent which includes a
2109
      "Response Status" key indicating success or failure and (if
2110
      successful) an "Etag" key indicating the Etag of the resulting
2111
      SLO.
2112

2113
    * Added support for retrieving the encryption root secret from an
2114
      external key management system. In practice, this is currently limited
2115
      to Barbican.
2116

2117
    * Move listing formatting out to a new proxy middleware named
2118
      `listing_formats`. `listing_formats` should be just right of the
2119
      first proxy-logging middleware, and left of most other
2120
      middlewares. If it is not already present, it will be
2121
      automatically inserted for you.
2122

2123
      Note: if you have a custom middleware that makes account or
2124
      container listings, it will only receive listings in JSON format.
2125

2126
    * Log deprecation warning for `allow_versions` in the container
2127
      server config. Configure the `versioned_writes` middleware in
2128
      the proxy server instead. This option will be ignored in a
2129
      future release.
2130

2131
    * Replaced `replication_one_per_device` by custom count defined by
2132
      `replication_concurrency_per_device`. The original config value
2133
      is deprecated, but continues to function for now. If both values
2134
      are defined, the old `replication_one_per_device` is ignored.
2135

2136
    * Fixed a rare issue where multiple backend timeouts could result
2137
      in bad data being returned to the client.
2138

2139
    * Cleaned up logged tracebacks when talking to memcached servers.
2140

2141
    * Account and container replication stats logs now include
2142
      `remote_merges`, the number of times a whole database was sent
2143
      to another node.
2144

2145
    * Respond 400 Bad Request when Accept headers fail to parse
2146
      instead of returning 406 Not Acceptable.
2147

2148
    * The `domain_remap` middleware now supports the
2149
      `mangle_client_paths` option. Its default "false" value changes
2150
      `domain_remap` parsing to stop stripping the `path_root` value
2151
      from URL paths. If users depend on this path mangling, operators
2152
      should set `mangle_client_paths` to "True" before upgrading.
2153

2154
    * Remove `swift-temp-url` script. The functionality has been in
2155
      swiftclient for a long time and this script has been deprecated
2156
      since 2.10.0.
2157

2158
    * Removed all `post_as_copy` related code and configs. The option
2159
      has been deprecated since 2.13.0.
2160

2161
    * Fixed XML responses (eg on bulk extractions and SLO upload
2162
      failures) to be more correct. The enclosing "delete" tag was
2163
      removed where it doesn't make sense and replaced with "extract"
2164
      or "upload" depending on the context.
2165

2166
    * Static Large Object (SLO) manifest may now (again) have zero-byte
2167
      last segments.
2168

2169
    * Fixed an issue where background consistency daemon child
2170
      processes would deadlock waiting on the same file descriptor.
2171

2172
    * Removed a race condition where a POST to an SLO could modify the
2173
      X-Static-Large-Object metadata.
2174

2175
    * Accept a trade off of dispersion for balance in the ring builder
2176
      that will result in getting to balanced rings much more quickly
2177
      in some cases.
2178

2179
    * Fixed using `swift-ring-builder set_weight` with more than one
2180
      device.
2181

2182
    * When requesting objects, return 404 if a tombstone is found and
2183
      is newer than any data found. Previous behavior was to return
2184
      stale data.
2185

2186
    * Various other minor bug fixes and improvements.
2187

2188

2189
swift (2.15.2, pike stable backports)
2190

2191
    * Fixed a cache invalidation issue related to GET and PUT requests to
2192
      containers that would occasionally cause object PUTs to a container to
2193
      404 after the container had been successfully created.
2194

2195
    * Removed a race condition where a POST to an SLO could modify the
2196
      X-Static-Large-Object metadata.
2197

2198
    * Fixed rare socket leak on range requests to erasure-coded objects.
2199

2200
    * Fix SLO delete for accounts with non-ASCII names.
2201

2202
    * Fixed an issue in COPY where concurrent requests may have copied the
2203
      wrong data.
2204

2205
    * Fixed time skew when using X-Delete-After.
2206

2207
    * Send ETag header in 206 Partial Content responses to SLO reads.
2208

2209

2210
swift (2.15.1, OpenStack Pike)
2211

2212
    * Fixed a bug introduced in 2.15.0 where the object reconstructor
2213
      would exit with a traceback if no EC policy was configured.
2214

2215
    * Fixed deadlock when logging from a tpool thread.
2216

2217
      The object server runs certain IO-intensive methods outside the
2218
      main pthread for performance. Previously, if one of those methods
2219
      tried to log, this can cause a crash that eventually leads to an
2220
      object server with hundreds or thousands of greenthreads, all
2221
      deadlocked. The fix is to use a mutex that works across different
2222
      greenlets and different pthreads.
2223

2224
    * The object reconstructor can now rebuild an EC fragment for an
2225
      expired object.
2226

2227
    * Various other minor bug fixes and improvements.
2228

2229

2230
swift (2.15.0)
2231

2232
    * Add Composite Ring Functionality
2233

2234
      A composite ring comprises two or more component rings that are
2235
      combined to form a single ring with a replica count equal to the
2236
      sum of the component rings. The component rings are built
2237
      independently, using distinct devices in distinct regions, which
2238
      means that the dispersion of replicas between the components can
2239
      be guaranteed.
2240

2241
      Composite rings can be used for explicit replica placement and
2242
      "replicated EC" for global erasure codes policies.
2243

2244
      Composite rings support 'cooperative' rebalance which means that
2245
      during rebalance all component rings will be consulted before a
2246
      partition is moved in any component ring. This avoids the same
2247
      partition being simultaneously moved in multiple components.
2248

2249
      We do not yet have CLI tools for creating composite rings, but
2250
      the functionality has been enabled in the ring modules to
2251
      support this advanced functionality. CLI tools will be delivered
2252
      in a subsequent release.
2253

2254
      For further information see the docs at
2255
      <https://docs.openstack.org/swift/latest/overview_ring.html#module-swift.common.ring.composite_builder>
2256

2257
    * The EC reconstructor process has been dramatically improved by
2258
      adding support for multiple concurrent workers. Multiple
2259
      processes are required to get high concurrency, and this change
2260
      results in much faster rebalance times on servers with many
2261
      drives.
2262

2263
      Currently the default is still only one process, and no workers.
2264
      Set `reconstructor_workers` in the `[object-reconstructor]`
2265
      section to some whole number <= the number of devices on a node
2266
      to get that many reconstructor workers.
2267

2268
    * Add support to increase object ring partition power transparently
2269
      to end users and with no cluster downtime. Increasing the ring
2270
      partition power allows for incremental adjustment to the upper bound
2271
      of the cluster size. Please review the full docs at
2272
      <https://docs.openstack.org/swift/latest/ring_partpower.html>.
2273

2274
    * Added support for per-policy proxy config options. This allows
2275
      per-policy affinity options to be set for use with duplicated EC
2276
      policies and composite rings. Certain options found in per-policy
2277
      conf sections will override their equivalents that may be set
2278
      in the [app:proxy-server] section. Currently the options handled that
2279
      way are sorting_method, read_affinity, write_affinity,
2280
      write_affinity_node_count, and write_affinity_handoff_delete_count.
2281

2282
    * Enabled versioned writes on Dynamic Large Objects (DLOs).
2283

2284
    * Write-affinity aware object deletion
2285

2286
      Previously, when deleting objects in multi-region swift
2287
      deployment with write affinity configured, users always get 404
2288
      when deleting object before it's replicated to appropriate nodes.
2289

2290
      Now Swift will use `write_affinity_handoff_delete_count` to
2291
      define how many local handoff nodes should swift send request to
2292
      get more candidates for the final response. The default value
2293
      "auto" means Swift will calculate the number automatically based
2294
      on the number of replicas and current cluster topology.
2295

2296
    * Require that known-bad EC schemes be deprecated
2297

2298
      Erasure-coded storage policies using isa_l_rs_vand and nparity
2299
      >= 5 must be configured as deprecated, preventing any new
2300
      containers from being created with such a policy. This
2301
      configuration is known to harm data durability. Any data in such
2302
      policies should be migrated to a new policy. See
2303
      https://bugs.launchpad.net/swift/+bug/1639691 for more
2304
      information
2305

2306
    * Optimize the Erasure Code reconstructor protocol to reduce IO
2307
      load on servers.
2308

2309
    * Fixed a bug where SSYNC would fail to replicate unexpired object.
2310

2311
    * Fixed a bug in domain_remap when obj starts/ends with slash.
2312

2313
    * Fixed a socket leak in copy middleware when a large object was copied.
2314

2315
    * Fixed a few areas where the `swiftdir` option was not respected.
2316

2317
    * `swift-recon` now respects storage policy aliases.
2318

2319
    * cname_lookup middleware now accepts a `nameservers` config
2320
      variable that, if defined, will be used for DNS lookups instead of
2321
      the system default.
2322

2323
    * Make mount_check option usable in containerized environments by
2324
      adding a check for an ".ismount" file at the root directory of
2325
      a device.
2326

2327
    * Remove deprecated `vm_test_mode` option.
2328

2329
    * The object and container server config option `slowdown` has been
2330
      deprecated in favor of the new `objects_per_second` and
2331
      `containers_per_second` options.
2332

2333
    * The output of devices from `swift-ring-builder` has been reordered
2334
      by region, zone, ip, and device.
2335

2336
    * Imported docs content from openstack-manuals project.
2337

2338
    * Various other minor bug fixes and improvements.
2339

2340

2341
swift (2.14.0)
2342

2343
    * Fixed error where a container drive error resulted in double space
2344
      usage on rest drives. When drive with container or account database
2345
      is unmounted, the bug would create handoff replicas on all remaining
2346
      drives, increasing the drive space used and filling the cluster.
2347

2348
    * Fixed UnicodeDecodeError in the object reconstructor that would
2349
      prevent objects with non-ascii names from being reconstructed and
2350
      caused the reconstructor process to hang.
2351

2352
    * EC Fragment Duplication - Foundational Global EC Cluster Support.
2353

2354
    * Fixed encoding issue in ssync where a mix of ascii and non-ascii
2355
      metadata values would cause an error.
2356

2357
    * `name_check` and `cname_lookup` keys have been added to `/info`.
2358

2359
    * Add Vary: headers for CORS responses.
2360

2361
    * Always set Swift processes to use UTC.
2362

2363
    * Prevent logged traceback in object-server on client disconnect for
2364
      chunked transfers to replicated policies.
2365

2366
    * Removed per-device reconstruction stats. Now that the reconstructor
2367
      is shuffling parts before going through them, those stats no longer
2368
      make sense.
2369

2370
    * Log correct status code for conditional requests.
2371

2372
    * Drop support for auth-server from common/manager.py and `swift-init`.
2373

2374
    * Include received fragment index in reconstructor log warnings.
2375

2376
    * Fixed a race condition in updating hashes.pkl where a partition
2377
      suffix invalidation may have been skipped.
2378

2379
    * `domain_remap` now accepts a list of domains in "storage_domain".
2380

2381
    * Do not follow CNAME when host is in storage_domain.
2382

2383
    * Enable cluster-wide CORS Expose-Headers setting via
2384
      "cors_expose_headers".
2385

2386
    * Cache all answers from nameservers in cname_lookup.
2387

2388
    * Log the correct request type of a subrequest downstream of copy.
2389

2390
    * Various other minor bug fixes and improvements.
2391

2392

2393
swift (2.13.0, OpenStack Ocata)
2394

2395
    * Improvements in key parts of the consistency engine
2396

2397
      - Improved performance by eliminating an unneeded directory
2398
        structure hash.
2399

2400
      - Optimized the common case for hashing filesystem trees, thus
2401
        eliminating a lot of extraneous disk I/O.
2402

2403
      - Updated the `hashes.pkl` file format to include timestamp information
2404
        for race detection. Also simplified hashing logic to prevent race
2405
        conditions and optimize for the common case.
2406

2407
      - The erasure code reconstructor will now shuffle work jobs across all
2408
        disks instead of going disk-by-disk. This eliminates single-disk I/O
2409
        contention and allows continued scaling as concurrency is increased.
2410

2411
      - Erasure code reconstruction handles moving data from handoff nodes
2412
        better. Instead of moving the data to another handoff, it waits
2413
        until it can be moved to a primary node.
2414

2415
      Upgrade Impact: If you upgrade and roll back, you must delete all
2416
      `hashes.pkl` files.
2417

2418
    * If using erasure coding with ISA-L in rs_vand mode and 5 or more parity
2419
      fragments, Swift will emit a warning. This is a configuration that is
2420
      known to harm data durability. In a future release, this warning will be
2421
      upgraded to an error unless the policy is marked as deprecated. All data
2422
      in an erasure code storage policy using isa_l_rs_vand with 5 or more
2423
      parity should be migrated as soon as possible. Please see
2424
      https://bugs.launchpad.net/swift/+bug/1639691 for more information.
2425

2426
    * The erasure code reconstructor `handoffs_first` option has been
2427
      deprecated in favor of `handoffs_only`. `handoffs_only` is far more
2428
      useful, and just like `handoffs_first` mode in the replicator, it gives
2429
      the operator the option of forcing the consistency engine to focus
2430
      solely on revert (handoff) jobs, thus improving the speed of
2431
      rebalances.  The `handoffs_only` behavior is somewhat consistent with
2432
      the replicator's `handoffs_first` option (any error on any handoff in
2433
      the replicator will make it essentially handoff only forever) but the
2434
      `handoff_only` option does what you want and is named correctly in the
2435
      reconstructor.
2436

2437
    * The default for `object_post_as_copy` has been changed to False. The
2438
      option is now deprecated and will be removed in a future release. If
2439
      your cluster is still running with post-as-copy enabled, please update
2440
      it to use the "fast-post" method. Future versions of Swift will not
2441
      support post-as-copy, and future features will not be supported under
2442
      post-as-copy. ("Fast-post" is where `object_post_as_copy` is false).
2443

2444
    * Temporary URLs now support one common form of ISO 8601 timestamps in
2445
      addition to Unix seconds-since-epoch timestamps. The ISO 8601 format
2446
      accepted is '%Y-%m-%dT%H:%M:%SZ'. This makes TempURLs more
2447
      user-friendly to produce and consume.
2448

2449
    * Listing containers in accounts with json or xml now includes a
2450
      `last_modified` time. This does not change any on-disk data, but simply
2451
      exposes the value to offer consistency with the object listings on
2452
      containers.
2453

2454
    * Fixed a bug where the ring builder would not allow removal of a device
2455
      when min_part_seconds_left was greater than zero.
2456

2457
    * PUT subrequests generated from a client-side COPY will now properly log
2458
      the SSC (server-side copy) Swift source field. See
2459
      https://docs.openstack.org/swift/latest/logs.html#swift-source for
2460
      more information.
2461

2462
    * Fixed a bug where an SLO download with a range request may have resulted
2463
      in a 5xx series response.
2464

2465
    * SLO manifest PUT requests can now be properly validated by sending an
2466
      ETag header of the md5 sum of the concatenated md5 sums of the
2467
      referenced segments.
2468

2469
    * Fixed the stats calculation in the erasure code reconstructor.
2470

2471
    * Rings with min_part_hours set to zero will now only move one partition
2472
      replica per rebalance, thus matching behavior when min_part_hours is
2473
      greater than zero.
2474

2475
    * I/O priority is now supported on AArch64 architecture.
2476

2477
    * Various other minor bug fixes and improvements.
2478

2479

2480
swift (2.12.0)
2481

2482
    * Ring files now include byteorder information about the endian of
2483
      the machine used to generate the file, and the values are
2484
      appropriately byteswapped if deserialized on a machine with a
2485
      different endianness.
2486

2487
      Newly created ring files will be byteorder agnostic, but
2488
      previously generated ring files will still fail on different
2489
      endian architectures. Regenerating older ring files will cause
2490
      them to become byteorder agnostic. The regeneration of the ring
2491
      files will not cause any new data movement. Newer ring files
2492
      will still be usable by older versions of Swift (on machines
2493
      with the same endianness--this maintains existing behavior).
2494

2495
    * All 416 responses will now include a Content-Range header with
2496
      an unsatisfied-range value. This allows the caller to know the
2497
      valid range request value for an object.
2498

2499
    * TempURLs now support a validation against a common prefix. A
2500
      prefix-based signature grants access to all objects which share the
2501
      same prefix. This avoids the creation of a large amount of signatures,
2502
      when a whole container or pseudofolder is shared.
2503

2504
    * Correctly handle deleted files with if-none-match requests.
2505

2506
    * Correctly send 412 Precondition Failed if a user sends an
2507
      invalid copy destination. Previously Swift would send a 500
2508
      Internal Server Error.
2509

2510
    * In SLO manifests, the `etag` and `size_bytes` keys are now fully
2511
      optional and not required. Previously, the keys needed to exist
2512
      but the values were optional. The only required key is `path`.
2513

2514
    * Fixed a rare infinite loop in `swift-ring-builder` while placing parts.
2515

2516
    * Ensure update of the container by object-updater, removing a rare
2517
      possibility that objects would never be added to a container listing.
2518

2519
    * Fixed non-deterministic suffix updates in hashes.pkl where a partition
2520
      may be updated much less often than expected.
2521

2522
    * Fixed regression in consolidate_hashes that occurred when a new
2523
      file was stored to new suffix to a non-empty partition. This bug
2524
      was introduced in 2.7.0 and could cause an increase in rsync
2525
      replication stats during and after upgrade, due to inconsistent
2526
      hashing of partition suffixes.
2527

2528
    * Account and container databases will now be quarantined if the
2529
      database schema has been corrupted.
2530

2531
    * Removed "in-process-" from func env tox name to work with
2532
      upstream CI.
2533

2534
    * Respect server type for --md5 check in swift-recon.
2535

2536
    * Remove empty db hash and suffix directories if a db gets quarantined.
2537

2538
    * Various other minor bug fixes and improvements.
2539

2540

2541
swift (2.11.0)
2542

2543
    * We have made significant improvements and changes to the erasure
2544
      code implementation.
2545

2546
      - Instead of using a separate .durable file to indicate the
2547
        durable status of an EC fragment archive, we rename the .data
2548
        to include a durable marker in the filename. This saves one
2549
        inode for every EC .data file. Existing .durable files will not
2550
        be removed, and they will continue to work just fine.
2551

2552
        Note that after writing EC data with Swift 2.11.0 or later, that
2553
        data will not be accessible to earlier versions of Swift.
2554

2555
      - Closed a bug where ssync may have written bad fragment data in
2556
        some circumstances. A check was added to ensure the correct number
2557
        of bytes is written for a fragment before finalizing the write.
2558
        Also, erasure coded fragment metadata will now be validated on read
2559
        requests and, if bad data is found, the fragment will be quarantined.
2560

2561
      - The improvements to EC reads made in Swift 2.10.0 have also been
2562
        applied to the reconstructor. This allows fragments to be rebuilt
2563
        in more circumstances, resulting in faster recovery from failures.
2564

2565
      - WARNING: If you are using the ISA-L library for erasure codes,
2566
        please upgrade to liberasurecode 1.3.1 (or later) as soon as
2567
        possible. If you are using isa_l_rs_vand with more than 4 parity,
2568
        please read https://bugs.launchpad.net/swift/+bug/1639691 and take
2569
        necessary action.
2570

2571
      - Updated the PyECLib dependency to 1.3.1.
2572

2573
    * Added a configurable URL base to staticweb.
2574

2575
    * Support multi-range GETs for static large objects.
2576

2577
    * TempURLs using the "inline" parameter can now also set the
2578
      "filename" parameter. Both are used in the Content-Disposition
2579
      response header.
2580

2581
    * Mirror X-Trans-Id to X-Openstack-Request-Id.
2582

2583
    * SLO will now concurrently HEAD segments, resulting in much faster
2584
      manifest validation and object creation. By default, two HEAD requests
2585
      will be done at a time, but this can be changed by the operator via
2586
      the new `concurrency` setting in the "[filter:slo]" section of
2587
      the proxy server config.
2588

2589
    * Suppressed the KeyError message when auditor finds an expired object.
2590

2591
    * Daemons using InternalClient can now be properly killed with SIGTERM.
2592

2593
    * Added a "user" option to the drive-audit config file. Its value is
2594
      used to set the owner of the drive-audit recon cache.
2595

2596
    * Throttle update_auditor_status calls so it updates no more than once
2597
      per minute.
2598

2599
    * Suppress unexpected-file warnings for rsync temp files.
2600

2601
    * Various other minor bug fixes and improvements.
2602

2603

2604
swift (2.10.0, OpenStack Newton)
2605

2606
    * Object versioning now supports a "history" mode in addition to
2607
      the older "stack" mode. The difference is in how DELETE requests
2608
      are handled. For full details, please read
2609
      https://docs.openstack.org/swift/latest/overview_object_versioning.html.
2610

2611
    * New config variables to change the schedule priority and I/O
2612
      scheduling class. Servers and daemons now understand
2613
      `nice_priority`, `ionice_class`, and `ionice_priority` to
2614
      schedule their relative importance. Please read
2615
      https://docs.openstack.org/swift/latest/admin_guide.html
2616
      for full config details.
2617

2618
    * On newer kernels (3.15+ when using xfs), Swift will use the O_TMPFILE
2619
      flag when opening a file instead of creating a temporary file
2620
      and renaming it on commit. This makes the data path simpler and
2621
      allows the filesystem to more efficiently optimize the files on
2622
      disk, resulting in better performance.
2623

2624
    * Erasure code GET performance has been significantly
2625
      improved in clusters that are not completely healthy.
2626

2627
    * Significant improvements to the api-ref doc available at
2628
      https://docs.openstack.org/api-ref/object-store/.
2629

2630
    * A PUT or POST to a container will now update the container's
2631
      Last-Modified time, and that value will be included in a
2632
      GET/HEAD response.
2633

2634
    * Include object sysmeta in POST responses. Sysmeta is still
2635
      stripped from the response before being sent to the client, but
2636
      this allows middleware to make use of the information.
2637

2638
    * Fixed a bug where a container listing delimiter wouldn't work
2639
      with encryption.
2640

2641
    * Fixed a bug where some headers weren't being copied correctly
2642
      in a COPY request.
2643

2644
    * Container sync can now copy SLOs more efficiently by allowing
2645
      the manifest to be synced before all of the referenced segments.
2646
      This fixes a bug where container sync would not copy SLO manifests.
2647

2648
    * Fixed a bug where some tombstone files might never be reclaimed.
2649

2650
    * Update dnspython dependency to 1.14, removing the need to have
2651
      separate dnspython dependencies for Py2 and Py3.
2652

2653
    * Deprecate swift-temp-url and call python-swiftclient's
2654
      implementation instead. This adds python-swiftclient as an
2655
      optional dependency of Swift.
2656

2657
    * Moved other-requirements.txt to bindep.txt. bindep.txt lists
2658
      non-python dependencies of Swift.
2659

2660
    * Various other minor bug fixes and improvements.
2661

2662

2663
swift (2.9.0)
2664

2665
    * Swift now supports at-rest encryption. This feature encrypts all
2666
      object data and user-set object metadata as it is sent to the cluster.
2667
      This feature is designed to prevent information leaks if a hard drive
2668
      leaves the cluster. The encryption is transparent to the end-user.
2669

2670
      At-rest encryption in Swift is enabled on the proxy server by
2671
      adding two middlewares to the pipeline. The `keymaster` middleware
2672
      is responsible for managing the encryption keys and the `encryption`
2673
      middleware does the actual encryption and decryption.
2674

2675
      Existing clusters will continue to work without enabling
2676
      encryption. Although enabling this feature on existing clusters
2677
      is supported, best practice is to enable this feature on new
2678
      clusters when the cluster is created.
2679

2680
      For more information on the details of the at-rest encryption
2681
      feature, please see the docs at
2682
      https://docs.openstack.org/swift/latest/overview_encryption.html.
2683

2684
    * `swift-recon` can now be called with more than one server type.
2685

2686
    * Fixed a bug where non-ascii names could cause an error in logging
2687
      and cause a 5xx response to the client.
2688

2689
    * The install guide and API reference have been moved into Swift's
2690
      source code repository.
2691

2692
    * Various other minor bug fixes and improvements.
2693

2694

2695
swift (2.8.0)
2696

2697
    * Allow concurrent bulk deletes for server-side deletes of static
2698
      large objects. Previously this would be single-threaded and each
2699
      DELETE executed serially. The new `delete_concurrency` value
2700
      (default value is 2) in the `[filter:slo]` and `[filter:bulk]`
2701
      sections of the proxy server config controls the concurrency
2702
      used to perform the DELETE requests for referenced segments. The
2703
      default value is recommended, but setting the value to 1
2704
      restores previous behavior.
2705

2706
    * Refactor server-side copy as middleware
2707

2708
      The COPY verb is now implemented in the `copy` middleware instead
2709
      of in the proxy server code. If not explicitly added, the server
2710
      side copy middleware is auto-inserted to the left of `dlo`, `slo`
2711
      and `versioned_writes` middlewares in the proxy server pipeline.
2712
      As a result, dlo and slo `copy_hooks` are no longer required. SLO
2713
      manifests are now validated when copied so when copying a
2714
      manifest to another account the referenced segments must be
2715
      readable in that account for the manifest copy to succeed
2716
      (previously this validation was not made, meaning the manifest
2717
      was copied but could be unusable if the segments were not
2718
      readable).
2719

2720
      With this change, there should be no change in functionality or
2721
      existing behavior.
2722

2723
    * `fallocate_reserve` can now be a percentage (a value ending in "%"),
2724
      and the default has been adjusted to "1%".
2725

2726
    * Now properly require account/container metadata be valid UTF-8
2727

2728
    * TempURL responses now include an `Expires` header with the
2729
      expiration time embedded in the URL.
2730

2731
    * Non-Python dependencies are now listed in other-requirements.txt.
2732

2733
    * `swift-ring-builder` now supports a `--yes` option to assume a
2734
      yes response to all questions. This is useful for scripts.
2735

2736
    * Write requests to a replicated storage policy with an even number
2737
      of replicas now have a quorum size of half the replica count
2738
      instead of half-plus-one.
2739

2740
    * Container sync now logs per-container stat information so operators
2741
      can track progress. This is logged at INFO level.
2742

2743
    * `swift-dispersion-*` now allows region to be specified when there
2744
      are multiple Swift regions served by the same Keystone instance
2745

2746
    * Fix infinite recursion during logging when syslog is down.
2747

2748
    * Fixed a bug where a backend failure during a read could result in
2749
      a missing byte in the response body.
2750

2751
    * Stop `staticweb` revealing container existence to unauth'd requests.
2752

2753
    * Reclaim isolated .meta files if they are older than the `reclaim_age`.
2754

2755
    * Make `rsync` ignore its own temporary files instead of spreading
2756
      them around the cluster, wasting space.
2757

2758
    * The object auditor now ignores files in the devices directory when
2759
      auditing objects.
2760

2761
    * The deprecated `threads_per_disk` setting has been removed. Deployers
2762
      are encouraged to use `servers_per_port` instead.
2763

2764
    * Fixed an issue where a single-replica configuration for account or
2765
      container DBs could result in the DB being inadvertently deleted if
2766
      it was placed on a handoff node.
2767

2768
    * `disable_fallocate` now also correctly disables `fallocate_reserve`.
2769

2770
    * Fixed a bug where the account-reaper did not delete all containers
2771
      in a reaped account.
2772

2773
    * Correctly handle delimiter queries where results start with the
2774
      delimiter and no prefix is given.
2775

2776
    * Changed the recommended ports for Swift services from ports
2777
      6000-6002 to unused ports 6200-6202 so they do not conflict with
2778
      X-Windows or other services. Since these config values must be
2779
      explicitly set in the config file, this doesn't impact existing
2780
      deployments.
2781

2782
    * Fixed an instance where REPLICATE requests would not use
2783
      `replication_ip`.
2784

2785
    * Various other minor bug fixes and improvements.
2786

2787

2788
swift (2.7.0, OpenStack Mitaka)
2789

2790
    * Bump PyECLib requirement to >= 1.2.0
2791

2792
    * Update container on fast-POST
2793

2794
      "Fast-POST" is the mode where `object_post_as_copy` is set to
2795
      `False` in the proxy server config. This mode now allows for
2796
      fast, efficient updates of metadata without needing to fully
2797
      recopy the contents of the object. While the default still is
2798
      `object_post_as_copy` as True, the plan is to change the default
2799
      to False and then deprecate post-as-copy functionality in later
2800
      releases. Fast-POST now supports container-sync functionality.
2801

2802
    * Add concurrent reads option to proxy.
2803

2804
      This change adds 2 new parameters to enable and control concurrent
2805
      GETs in Swift, these are `concurrent_gets` and `concurrency_timeout`.
2806

2807
      `concurrent_gets` allows you to turn on or off concurrent
2808
      GETs; when on, it will set the GET/HEAD concurrency to the
2809
      replica count. And in the case of EC HEADs it will set it to
2810
      ndata. The proxy will then serve only the first valid source to
2811
      respond. This applies to all account, container, and replicated
2812
      object GETs and HEADs. For EC only HEAD requests are affected.
2813
      The default for `concurrent_gets` is off.
2814

2815
      `concurrency_timeout` is related to `concurrent_gets` and is
2816
      the amount of time to wait before firing the next thread. A
2817
      value of 0 will fire at the same time (fully concurrent), but
2818
      setting another value will stagger the firing allowing you the
2819
      ability to give a node a short chance to respond before firing
2820
      the next. This value is a float and should be somewhere between
2821
      0 and `node_timeout`. The default is `conn_timeout`, meaning by
2822
      default it will stagger the firing.
2823

2824
    * Added an operational procedures guide to the docs. It can be
2825
      found at https://docs.openstack.org/swift/latest/ops_runbook/index.html and
2826
      includes information on detecting and handling day-to-day
2827
      operational issues in a Swift cluster.
2828

2829
    * Make `handoffs_first` a more useful mode for the object replicator.
2830

2831
      The `handoffs_first` replication mode is used during periods of
2832
      problematic cluster behavior (e.g. full disks) when replication
2833
      needs to quickly drain partitions from a handoff node and move
2834
      them to a primary node.
2835

2836
      Previously, `handoffs_first` would sort that handoff work before
2837
      "normal" replication jobs, but the normal replication work could
2838
      take quite some time and result in handoffs not being drained
2839
      quickly enough.
2840

2841
      In order to focus on getting handoff partitions off the node
2842
      `handoffs_first` mode will now abort the current replication
2843
      sweep before attempting any primary suffix syncing if any of the
2844
      handoff partitions were not removed for any reason - and start
2845
      over with replication of handoffs jobs as the highest priority.
2846

2847
      Note that `handoffs_first` being enabled will emit a warning on
2848
      start up, even if no handoff jobs fail, because of the negative
2849
      impact it can have during normal operations by dog-piling on a
2850
      node that was temporarily unavailable.
2851

2852
    * By default, inbound `X-Timestamp` headers are now disallowed
2853
      (except when in an authorized container-sync request). This
2854
      header is useful for allowing data migration from other storage
2855
      systems to Swift and keeping the original timestamp of the data.
2856
      If you have this migration use case (or any other requirement on
2857
      allowing the clients to set an object's timestamp), set the
2858
      `shunt_inbound_x_timestamp` config variable to False in the
2859
      gatekeeper middleware config section of the proxy server config.
2860

2861
    * Requesting a SLO manifest file with the query parameters
2862
      "?multipart-manifest=get&format=raw" will return the contents of
2863
      the manifest in the format as was originally sent by the client.
2864
      The "format=raw" is new.
2865

2866
    * Static web page listings can now be rendered with a custom
2867
      label. By default listings are rendered with a label of:
2868
      "Listing of /v1/<account>/<container>/<path>". This change adds
2869
      a new custom metadata key/value pair
2870
      `X-Container-Meta-Web-Listings-Label: My Label` that when set,
2871
      will cause the following: "Listing of My Label/<path>" to be
2872
      rendered instead.
2873

2874
    * Previously, static large objects (SLOs) had a minimum segment
2875
      size (default to 1MiB). This limit has been removed, but small
2876
      segments will be ratelimited. The config parameter
2877
      `rate_limit_under_size` controls the definition of "small"
2878
      segments (1MiB by default), and `rate_limit_segments_per_sec`
2879
      controls how many segments per second can be served (default is 1).
2880
      With the default values, the effective behavior is identical to the
2881
      previous behavior when serving SLOs.
2882

2883
    * Container sync has been improved to perform a HEAD on the remote
2884
      side of the sync for each object being synced. If the object
2885
      exists on the remote side, container-sync will no longer
2886
      transfer the object, thus significantly lowering the network
2887
      requirements to use the feature.
2888

2889
    * The object auditor will now clean up any old, stale rsync temp
2890
      files that it finds. These rsync temp files are left if the
2891
      rsync process fails without completing a full transfer of an
2892
      object. Since these files can be large, the temp files may end
2893
      up filling a disk. The new auditor functionality will reap these
2894
      rsync temp files if they are old. The new object-auditor config
2895
      variable `rsync_tempfile_timeout` is the number of seconds old a
2896
      tempfile must be before it is reaped. By default, this variable
2897
      is set to "auto" or the rsync_timeout plus 900 seconds (falling
2898
      back to a value of 1 day).
2899

2900
    * The Erasure Code reconstruction process has been made more
2901
      efficient by not syncing data files when only the durable commit
2902
      file is missing.
2903

2904
    * Fixed a bug where 304 and 416 response may not have the right
2905
      Etag and Accept-Ranges headers when the object is stored in an
2906
      Erasure Coded policy.
2907

2908
    * Versioned writes now correctly stores the date of previous versions
2909
      using GMT instead of local time.
2910

2911
    * The deprecated Keystone middleware option is_admin has been removed.
2912

2913
    * Fixed log format in object auditor.
2914

2915
    * The zero-byte mode (ZBF) of the object auditor will now properly
2916
      observe the `--once` option.
2917

2918
    * Swift keeps track, internally, of "dirty" parts of the partition
2919
      keyspace with a "hashes.pkl" file. Operations on this file no
2920
      longer require a read-modify-write cycle and use a new
2921
      "hashes.invalid" file to track dirty partitions. This change
2922
      will improve end-user performance for PUT and DELETE operations.
2923

2924
    * The object replicator's succeeded and failed counts are now logged.
2925

2926
    * `swift-recon` can now query hosts by storage policy.
2927

2928
    * The log_statsd_host value can now be an IPv6 address or a hostname
2929
      which only resolves to an IPv6 address.
2930

2931
    * Erasure coded fragments now properly call fallocate to reserve disk
2932
      space before being written.
2933

2934
    * Various other minor bug fixes and improvements.
2935

2936

2937
swift (2.6.0)
2938

2939
    * Dependency changes
2940
      - Updated minimum version of eventlet to 0.17.4 to support IPv6.
2941

2942
      - Updated the minimum version of PyECLib to 1.0.7.
2943

2944
    * The ring rebalancing algorithm was updated to better handle edge cases
2945
      and to give better (more balanced) rings in the general case. New rings
2946
      will have better initial placement, capacity adjustments will move less
2947
      data for better balance, and existing rings that were imbalanced should
2948
      start to become better balanced as they go through rebalance cycles.
2949

2950
    * Added container and account reverse listings.
2951

2952
      A GET request to an account or container resource with a "reverse=true"
2953
      query parameter will return the listing in reverse order. When
2954
      iterating over pages of reverse listings, the relative order of marker
2955
      and end_marker are swapped.
2956

2957
    * Storage policies now support having more than one name.
2958

2959
      This allows operators to fix a typo without breaking existing clients,
2960
      or, alternatively, have "short names" for policies. This is implemented
2961
      with the "aliases" config key in the storage policy config in
2962
      swift.conf. The aliases value is a list of names that the storage
2963
      policy may also be identified by. The storage policy "name" is used to
2964
      report the policy to users (eg in container headers). The aliases have
2965
      the same naming restrictions as the policy's primary name.
2966

2967
    * The object auditor learned the "interval" config value to control the
2968
      time between each audit pass.
2969

2970
    * `swift-recon --all` now includes the config checksum check.
2971

2972
    * `swift-init` learned the --kill-after-timeout option to force a service
2973
      to quit (SIGKILL) after a designated time.
2974

2975
    * `swift-recon` now correctly shows timestamps in UTC instead of local
2976
      time.
2977

2978
    * Fixed bug where `swift-ring-builder` couldn't select device id 0.
2979

2980
    * Documented the previously undocumented
2981
      `swift-ring-builder pretend_min_part_hours_passed` command.
2982

2983
    * The "node_timeout" config value now accepts decimal values.
2984

2985
    * `swift-ring-builder` now properly removes devices with zero weight.
2986

2987
    * `swift-init` return codes are updated via "--strict" and "--non-strict"
2988
      options. Please see the usage string for more information.
2989

2990
    * `swift-ring-builder` now reports the min_part_hours lockout time
2991
      remaining
2992

2993
    * Container sync has been improved to more quickly find and iterate over
2994
      the containers to be synced. This reduced server load and lowers the
2995
      time required to see data propagate between two clusters. Please see
2996
      https://docs.openstack.org/swift/latest/overview_container_sync.html for more details
2997
      about the new on-disk structure for tracking synchronized containers.
2998

2999
    * A container POST will now update that container's put-timestamp value.
3000

3001
    * TempURL header restrictions are now exposed in /info.
3002

3003
    * Error messages on static large object manifest responses have been
3004
      greatly improved.
3005

3006
    * Closed a bug where an unfinished read of a large object would leak a
3007
      socket file descriptor and a small amount of memory. (CVE-2016-0738)
3008

3009
    * Fixed an issue where a zero-byte object PUT with an incorrect Etag
3010
      would return a 503.
3011

3012
    * Fixed an error when a static large object manifest references the same
3013
      object more than once.
3014

3015
    * Improved performance of finding handoff nodes if a zone is empty.
3016

3017
    * Fixed duplication of headers in Access-Control-Expose-Headers on CORS
3018
      requests.
3019

3020
    * Fixed handling of IPv6 connections to memcache pools.
3021

3022
    * Continued work towards python 3 compatibility.
3023

3024
    * Various other minor bug fixes and improvements.
3025

3026

3027
swift (2.5.0, OpenStack Liberty)
3028

3029
    * Added the ability to specify ranges for Static Large Object (SLO)
3030
      segments.
3031

3032
    * Replicator configs now support an "rsync_module" value to allow
3033
      for per-device rsync modules. This setting gives operators the
3034
      ability to fine-tune replication traffic in a Swift cluster and
3035
      isolate replication disk IO to a particular device. Please see
3036
      the docs and sample config files for more information and
3037
      examples.
3038

3039
    * Significant work has gone in to testing, fixing, and validating
3040
      Swift's erasure code support at different scales.
3041

3042
    * Swift now emits StatsD metrics on a per-policy basis.
3043

3044
    * Fixed an issue with Keystone integration where a COPY request to a
3045
      service account may have succeeded even if a service token was not
3046
      included in the request.
3047

3048
    * Ring validation now warns if a placement partition gets assigned to the
3049
      same device multiple times. This happens when devices in the ring are
3050
      unbalanced (e.g. two servers where one server has significantly more
3051
      available capacity).
3052

3053
    * Various other minor bug fixes and improvements.
3054

3055

3056
swift (2.4.0)
3057

3058
    * Dependency changes
3059

3060
      - Added six requirement. This is part of an ongoing effort to add
3061
        support for Python 3.
3062

3063
      - Dropped support for Python 2.6.
3064

3065
    * Config changes
3066

3067
      - Recent versions of Python restrict the number of headers allowed in a
3068
        request to 100. This number may be too low for custom middleware. The
3069
        new "extra_header_count" config value in swift.conf can be used to
3070
        increase the number of headers allowed.
3071

3072
      - Renamed "run_pause" setting to "interval" (current configs with
3073
        run_pause still work). Future versions of Swift may remove the
3074
        run_pause setting.
3075

3076
    * Versioned writes middleware
3077

3078
      The versioned writes feature has been refactored and reimplemented as
3079
      middleware. You should explicitly add the versioned_writes middleware to
3080
      your proxy pipeline, but do not remove or disable the existing container
3081
      server config setting ("allow_versions"), if it is currently enabled.
3082
      The existing container server config setting enables existing
3083
      containers to continue being versioned. Please see
3084
      https://docs.openstack.org/swift/latest/middleware.html#how-to-enable-object-versioning-in-a-swift-cluster
3085
      for further upgrade notes.
3086

3087
    * Allow 1+ object-servers-per-disk deployment
3088

3089
      Enabled by a new > 0 integer config value, "servers_per_port" in the
3090
      [DEFAULT] config section for object-server and/or replication server
3091
      configs. The setting's integer value determines how many different
3092
      object-server workers handle requests for any single unique local port
3093
      in the ring. In this mode, the parent swift-object-server process
3094
      continues to run as the original user (i.e. root if low-port binding
3095
      is required), binds to all ports as defined in the ring, and forks off
3096
      the specified number of workers per listen socket. The child, per-port
3097
      servers drop privileges and behave pretty much how object-server workers
3098
      always have, except that because the ring has unique ports per disk, the
3099
      object-servers will only be handling requests for a single disk. The
3100
      parent process detects dead servers and restarts them (with the correct
3101
      listen socket), starts missing servers when an updated ring file is
3102
      found with a device on the server with a new port, and kills extraneous
3103
      servers when their port is found to no longer be in the ring. The ring
3104
      files are stat'ed at most every "ring_check_interval" seconds, as
3105
      configured in the object-server config (same default of 15s).
3106

3107
      In testing, this deployment configuration (with a value of 3) lowers
3108
      request latency, improves requests per second, and isolates slow disk
3109
      IO as compared to the existing "workers" setting. To use this, each
3110
      device must be added to the ring using a different port.
3111

3112
    * Do container listing updates in another (green)thread
3113

3114
      The object server has learned the "container_update_timeout" setting
3115
      (with a default of 1 second). This value is the number of seconds that
3116
      the object server will wait for the container server to update the
3117
      listing before returning the status of the object PUT operation.
3118

3119
      Previously, the object server would wait up to 3 seconds for the
3120
      container server response. The new behavior dramatically lowers object
3121
      PUT latency when container servers in the cluster are busy (e.g. when
3122
      the container is very large). Setting the value too low may result in a
3123
      client PUT'ing an object and not being able to immediately find it in
3124
      listings. Setting it too high will increase latency for clients when
3125
      container servers are busy.
3126

3127
    * TempURL fixes (closes CVE-2015-5223)
3128

3129
      Do not allow PUT tempurls to create pointers to other data.
3130
      Specifically, disallow the creation of DLO object manifests via a PUT
3131
      tempurl. This prevents discoverability attacks which can use any PUT
3132
      tempurl to probe for private data by creating a DLO object manifest and
3133
      then using the PUT tempurl to head the object.
3134

3135
    * Ring changes
3136

3137
      - Partition placement no longer uses the port number to place
3138
        partitions. This improves dispersion in small clusters running one
3139
        object server per drive, and it does not affect dispersion in
3140
        clusters running one object server per server.
3141

3142
      - Added ring-builder-analyzer tool to more easily test and analyze a
3143
        series of ring management operations.
3144

3145
      - Stop moving partitions unnecessarily when overload is on.
3146

3147
    * Significant improvements and bug fixes have been made to erasure code
3148
      support. This feature is suitable for beta testing, but it is not yet
3149
      ready for broad production usage.
3150

3151
    * Bulk upload now treats user xattrs on files in the given archive as
3152
      object metadata on the resulting created objects.
3153

3154
    * Emit warning log in object replicator if "handoffs_first" or
3155
      "handoff_delete" is set.
3156

3157
    * Enable object replicator's failure count in swift-recon.
3158

3159
    * Added storage policy support to dispersion tools.
3160

3161
    * Support keystone v3 domains in swift-dispersion.
3162

3163
    * Added domain_remap information to the /info endpoint.
3164

3165
    * Added support for a "default_reseller_prefix" in domain_remap
3166
      middleware config.
3167

3168
    * Allow SLO PUTs to forgo per-segment integrity checks. Previously, each
3169
      segment referenced in the manifest also needed the correct etag and
3170
      bytes setting. These fields now allow the "null" value to skip those
3171
      particular checks on the given segment.
3172

3173
    * Allow rsync to use compression via a "rsync_compress" config. If set to
3174
      true, compression is only enabled for an rsync to a device in a
3175
      different region. In some cases, this can speed up cross-region
3176
      replication data transfer.
3177

3178
    * Added time synchronization check in swift-recon (the --time option).
3179

3180
    * The account reaper now runs faster on large accounts.
3181

3182
    * Various other minor bug fixes and improvements.
3183

3184

3185
swift (2.3.0, OpenStack Kilo)
3186

3187
    * Erasure Code support (beta)
3188

3189
      Swift now supports an erasure-code (EC) storage policy type. This allows
3190
      deployers to achieve very high durability with less raw capacity as used
3191
      in replicated storage. However, EC requires more CPU and network
3192
      resources, so it is not good for every use case. EC is great for storing
3193
      large, infrequently accessed data in a single region.
3194

3195
      Swift's implementation of erasure codes is meant to be transparent to
3196
      end users. There is no API difference between replicated storage and
3197
      EC storage.
3198

3199
      To support erasure codes, Swift now depends on PyECLib and
3200
      liberasurecode. liberasurecode is a pluggable library that allows for
3201
      the actual EC algorithm to be implemented in a library of your choosing.
3202

3203
      As a beta release, EC support is nearly fully feature complete, but it
3204
      is lacking support for some features (like multi-range reads) and has
3205
      not had a full performance characterization. This feature relies on
3206
      ssync for durability. Deployers are urged to do extensive testing and
3207
      not deploy production data using an erasure code storage policy.
3208

3209
      Full docs are at https://docs.openstack.org/swift/latest/overview_erasure_code.html
3210

3211
    * Add support for container TempURL Keys.
3212

3213
    * Make more memcache options configurable. connection_timeout,
3214
      pool_timeout, tries, and io_timeout are all now configurable.
3215

3216
    * Swift now supports composite tokens. This allows another service to
3217
      act on behalf of a user, but only with that user's consent.
3218
      See https://docs.openstack.org/swift/latest/overview_auth.html for more details.
3219

3220
    * Multi-region replication was improved. When replicating data to a
3221
      different region, only one replica will be pushed per replication
3222
      cycle. This gives the remote region a chance to replicate the data
3223
      locally instead of pushing more data over the inter-region network.
3224

3225
    * Internal requests from the ratelimit middleware now properly log a
3226
      swift_source. See https://docs.openstack.org/swift/latest/logs.html for details.
3227

3228
    * Improved storage policy support for quarantine stats in swift-recon.
3229

3230
    * The proxy log line now includes the request's storage policy index.
3231

3232
    * Ring checker has been added to swift-recon to validate if rings are
3233
      built correctly. As part of this feature, storage servers have learned
3234
      the OPTIONS verb.
3235

3236
    * Add support of x-remove- headers for container-sync.
3237

3238
    * Rings now support hostnames instead of just IP addresses.
3239

3240
    * Swift now enforces that the API version on a request is valid. Valid
3241
      versions are configured via the valid_api_versions setting in swift.conf
3242

3243
    * Various other minor bug fixes and improvements.
3244

3245

3246
swift (2.2.2)
3247

3248
    * Data placement changes
3249

3250
      This release has several major changes to data placement in Swift in
3251
      order to better handle different deployment patterns. First, with an
3252
      unbalance-able ring, less partitions will move if the movement doesn't
3253
      result in any better dispersion across failure domains. Also, empty
3254
      (partition weight of zero) devices will no longer keep partitions after
3255
      rebalancing when there is an unbalance-able ring.
3256

3257
      Second, the notion of "overload" has been added to Swift's rings. This
3258
      allows devices to take some extra partitions (more than would normally
3259
      be allowed by the device weight) so that smaller and unbalanced clusters
3260
      will have less data movement between servers, zones, or regions if there
3261
      is a failure in the cluster.
3262

3263
      Finally, rings have a new metric called "dispersion". This is the
3264
      percentage of partitions in the ring that have too many replicas in a
3265
      particular failure domain. For example, if you have three servers in a
3266
      cluster but two replicas for a partition get placed onto the same
3267
      server, that partition will count towards the dispersion metric. A
3268
      lower value is better, and the value can be used to find the proper
3269
      value for "overload".
3270

3271
      The overload and dispersion metrics have been exposed in the
3272
      swift-ring-build CLI tools.
3273

3274
      See https://docs.openstack.org/swift/latest/overview_ring.html
3275
      for more info on how data placement works now.
3276

3277
    * Improve replication of large out-of-sync, out-of-date containers.
3278

3279
    * Added console logging to swift-drive-audit with a new log_to_console
3280
      config option (default False).
3281

3282
    * Optimize replication when a device and/or partition is specified.
3283

3284
    * Fix dynamic large object manifests getting versioned. This was not
3285
      intended and did not work. Now it is properly prevented.
3286

3287
    * Fix the GET's response code when there is a missing segment in a
3288
      large object manifest.
3289

3290
    * Change black/white listing in ratelimit middleware to use sysmeta.
3291
      Instead of using the config option, operators can set
3292
      "X-Account-Sysmeta-Global-Write-Ratelimit: WHITELIST" or
3293
      "X-Account-Sysmeta-Global-Write-Ratelimit: BLACKLIST" on an account to
3294
      whitelist or blacklist it for ratelimiting. Note: the existing
3295
      config options continue to work.
3296

3297
    * Use TCP_NODELAY on outgoing connections.
3298

3299
    * Improve object-replicator startup time.
3300

3301
    * Implement OPTIONS verb for storage nodes.
3302

3303
    * Various other minor bug fixes and improvements.
3304

3305

3306
swift (2.2.1)
3307

3308
    * Swift now rejects object names with Unicode surrogates.
3309

3310
    * Return 403 (instead of 413) on unauthorized upload when over account
3311
      quota.
3312

3313
    * Fix a rare condition when a rebalance could cause swift-ring-builder
3314
      to crash. This would only happen on old ring files when "rebalance"
3315
      was the first command run.
3316

3317
    * Storage node error limits now survive a ring reload.
3318

3319
    * Speed up reading and writing xattrs for object metadata by using larger
3320
      xattr value sizes. The change is moving from 254 byte values to 64KiB
3321
      values. There is no migration issue with this.
3322

3323
    * Deleted containers beyond the reclaim age are now properly reclaimed.
3324

3325
    * Full Simplified Chinese translation (zh_CN locale) for errors and logs.
3326

3327
    * Container quota is now properly enforced during cross-account COPY.
3328

3329
    * ssync replication now properly uses the configured replication_ip.
3330

3331
    * Fixed issue were ssync did not replicate custom object headers.
3332

3333
    * swift-drive-audit now has the 'unmount_failed_device' config option
3334
      (default to True) that controls if the process will unmount failed
3335
      drives or not.
3336

3337
    * swift-drive-audit will now dump drive error rates to a recon file.
3338
      The file location is controlled by the 'recon_cache_path' config value
3339
      and it includes each drive and its associated number of errors.
3340

3341
    * When a filesystem does't support xattr, the object server now returns
3342
      a 507 Insufficient Storage error to the proxy server.
3343

3344
    * Clean up empty account and container partitions directories if they
3345
      are empty. This keeps the system healthy and prevents a large number
3346
      of empty directories from slowing down the replication process.
3347

3348
    * Show the sum of every policy's amount of async pendings in swift-recon.
3349

3350
    * Various other minor bug fixes and improvements.
3351

3352

3353
swift (2.2.0, OpenStack Juno)
3354

3355
    * Added support for Keystone v3 auth.
3356

3357
      Keystone v3 introduced the concept of "domains" and user names
3358
      are no longer unique across domains. Swift's Keystone integration
3359
      now requires that ACLs be set on IDs, which are unique across
3360
      domains, and further restricts setting new ACLs to only use IDs.
3361

3362
      Please see https://docs.openstack.org/swift/latest/overview_auth.html for
3363
      more information on configuring Swift and Keystone together.
3364

3365
    * Swift now supports server-side account-to-account copy. Server-
3366
      side copy in Swift requires the X-Copy-From header (on a PUT)
3367
      or the Destination header (on a COPY). To initiate an account-to-
3368
      account copy, the existing header value remains the same, but the
3369
      X-Copy-From-Account header (on a PUT) or the Destination-Account
3370
      (on a COPY) are used to indicate the proper account.
3371

3372
    * Limit partition movement when adding a new placement tier.
3373

3374
      When adding a new placement tier (server, zone, or region), Swift
3375
      previously attempted to move all placement partitions, regardless
3376
      of the space available on the new tier, to ensure the best possible
3377
      durability. Unfortunately, this could result in too many partitions
3378
      being moved all at once to a new tier. Swift's ring-builder now
3379
      ensures that only the correct number of placement partitions are
3380
      rebalanced, and thus makes adding capacity to the cluster more
3381
      efficient.
3382

3383
    * Per storage policy container counts are now reported in an
3384
      account response headers.
3385

3386
    * Swift will now reject, with a 4xx series response, GET requests
3387
      with more than 50 ranges, more than 3 overlapping ranges, or more
3388
      than 8 non-increasing ranges.
3389

3390
    * The bind_port config setting is now required to be explicitly set.
3391

3392
    * The object server can now use splice() for a zero-copy GET
3393
      response. This feature is enabled with the "splice" config variable
3394
      in the object server config and defaults to off. Also, this feature
3395
      only works on recent Linux kernels (AF_ALG sockets must be
3396
      supported). A zero-copy GET response can significantly reduce CPU
3397
      requirements for object servers.
3398

3399
    * Added "--no-overlap" option to swift-dispersion populate so that
3400
      multiple runs of the tool can add coverage without overlapping
3401
      existing monitored partitions.
3402

3403
    * swift-recon now supports filtering by region.
3404

3405
    * Various other minor bug fixes and improvements.
3406

3407

3408
swift (2.1.0)
3409

3410
    * swift-ring-builder placement was improved to allow gradual addition
3411
      of new regions without causing a massive migration of data to the new
3412
      region. The change was to prefer device weight first, then look at
3413
      failure domains.
3414

3415
    * Logging updates
3416

3417
      - Eliminated "Handoff requested (N)" log spam.
3418

3419
      - Added process pid to the end of storage node log lines.
3420

3421
      - Container auditor now logs a warning if the devices path contains a
3422
        non-directory.
3423

3424
      - Object daemons now send a user-agent string with their full name.
3425

3426
    * 412 and 416 responses are no longer tracked as errors in the StatsD
3427
      messages from the backend servers.
3428

3429
    * Parallel object auditor
3430

3431
      The object auditor can now be controlled with a "concurrency" config
3432
      value that allows multiple auditor processes to run at once. Using
3433
      multiple parallel auditor processes can speed up the overall auditor
3434
      cycle time.
3435

3436
    * The object updater will now concurrently update each necessary node
3437
      in a new greenthread.
3438

3439
    * TempURL updates
3440

3441
      - The default allowed methods have changed to also allow POST and
3442
        DELETE. The new default list is "GET HEAD PUT POST DELETE".
3443

3444
      - TempURLs for POST now also allow HEAD, matching existing GET and PUT
3445
        functionality.
3446

3447
      - Added filename*= support to TempURL Content-Disposition response
3448
        header.
3449

3450
    * X-Delete-At/After can now be used with the FormPost middleware.
3451

3452
    * Make swift-form-signature output a sample form.
3453

3454
    * Add v2 API to list endpoints middleware
3455

3456
      The new API adds better support for storage policies and changes the
3457
      response from a list of backend urls to a dictionary with the keys
3458
      "endpoints" and "headers". The endpoints key contains a list of the
3459
      backend urls, and the headers key is a dictionary of headers to send
3460
      along with the backend request.
3461

3462
    * Added allow_account_management and account_autocreate values to /info
3463
      responses.
3464

3465
    * Enable object system metadata on PUTs (Note: POST support is ongoing).
3466

3467
    * Various other minor bug fixes and improvements.
3468

3469

3470
swift (2.0.0)
3471

3472
    * Storage policies
3473

3474
      Storage policies allow deployers to configure multiple object rings
3475
      and expose them to end users on a per-container basis. Deployers
3476
      can create policies based on hardware performance, regions, or other
3477
      criteria and independently choose different replication factors on
3478
      them. A policy is set on a Swift container at container creation
3479
      time and cannot be changed.
3480

3481
      Full docs are at https://docs.openstack.org/swift/latest/overview_policies.html
3482

3483
    * Add profiling middleware in Swift
3484

3485
      The profile middleware provides a tool to profile Swift
3486
      code on the fly and collects statistical data for performance
3487
      analysis. A native simple Web UI is also provided to help
3488
      query and visualize the data.
3489

3490
    * Add --quoted option to swift-temp-url
3491

3492
    * swift-recon now supports checking the md5sum of swift.conf, which
3493
      helps deployers verify configurations are consistent across a cluster.
3494

3495
    * Users can now set the transaction id suffix by passing in
3496
      a value in the X-Trans-Id-Extra header.
3497

3498
    * New log_max_line_length option caps the maximum length of a log line.
3499

3500
    * Support If-[Un]Modified-Since for object HEAD
3501

3502
    * Added missing constraints and ratelimit parameters to /info
3503

3504
    * Add ability to remove subsections from /info
3505

3506
    * Unify logging for account, container, and object server processes
3507
      to provide a consistent message format. This change reorders the
3508
      fields logged for the account server.
3509

3510
    * Add targeted config loading to swift-init. This allows an easier
3511
      and more explicit way to tell swift-init to run specific server
3512
      process configurations.
3513

3514
    * Properly quote www-authenticate (CVE-2014-3497)
3515

3516
    * Fix logging issue when services stop on py26.
3517

3518
    * Change the default logged length of the auth token to 16.
3519

3520
    * Explicitly set permissions on generated ring files to 0644
3521

3522
    * Fix file uploads larger than 2GiB in the formpost feature
3523

3524
    * Fixed issue where large objects would fail to download if the
3525
      auth token expired partway through the download
3526

3527
    * Various other minor bug fixes and improvements
3528

3529

3530
swift (1.13.1, OpenStack Icehouse)
3531

3532
    * Change the behavior of CORS responses to better match the spec
3533

3534
      A new proxy config variable (strict_cors_mode, default to True)
3535
      has been added. Setting it to False keeps the old behavior. For
3536
      an overview of old versus new behavior, please see
3537
      https://review.opendev.org/#/c/69419/
3538

3539
    * Invert the responsibility of the two instances of proxy-logging in
3540
      the proxy pipeline
3541

3542
      The first proxy_logging middleware instance to receive a request
3543
      in the pipeline marks that request as handling it. So now, the
3544
      left most proxy_logging middleware handles logging for all
3545
      client requests, and the right most proxy_logging middleware
3546
      handles all other requests initiated from within the pipeline to
3547
      its left. This fixes logging related to large object
3548
      requests not properly recording bandwidth.
3549

3550
    * Added swift-container-info and swift-account-info tools
3551

3552
    * Allow specification of object devices for audit
3553

3554
    * Dynamic large object COPY requests with ?multipart-manifest=get
3555
      now work as expected
3556

3557
    * When a client is downloading a large object and one of the segment
3558
      reads gets bad data, Swift will now immediately abort the request.
3559

3560
    * Fix ring-builder crash when a ring partition was assigned to a
3561
      deleted device, zero-weighted device, and normal device
3562

3563
    * Make probetests work with conf.d configs
3564

3565
    * Various other minor bug fixes and improvements.
3566

3567

3568
swift (1.13.0)
3569

3570
    * Account-level ACLs and ACL format v2
3571

3572
      Accounts now have a new privileged header to represent ACLs or
3573
      any other form of account-level access control. The value of
3574
      the header is a JSON dictionary string to be interpreted by the
3575
      auth system. A reference implementation is given in TempAuth.
3576
      Please see the full docs at
3577
      https://docs.openstack.org/swift/latest/overview_auth.html
3578

3579
    * Added a WSGI environment flag to stop swob from always using
3580
      absolute location. This is useful if middleware needs to use
3581
      out-of-spec Location headers in a response.
3582

3583
    * Container sync proxies now support simple load balancing
3584

3585
    * Config option to lower the timeout for recoverable object GETs
3586

3587
    * Add a way to ratelimit all writes to an account
3588

3589
    * Allow multiple storage_domain values in cname_lookup middleware
3590

3591
    * Moved all DLO functionality into middleware
3592

3593
      The proxy will automatically insert the dlo middleware at an
3594
      appropriate place in the pipeline the same way it does with the
3595
      gatekeeper middleware. Clusters will still support DLOs after upgrade
3596
      even with an old config file that doesn't mention dlo at all.
3597

3598
    * Remove python-swiftclient dependency
3599

3600
    * Add secondary groups to process user during privilege escalation
3601

3602
    * When logging request headers, it is now possible to specify
3603
      specifically which headers should be logged
3604

3605
    * Added log_requests config parameter to account and container servers
3606
      to match the parameter in the object server. This allows a deployer
3607
      to turn off log messages for these processes.
3608

3609
    * Ensure swift.source is set for DLO/SLO requests
3610

3611
    * Fixed an issue where overwriting segments in a dynamic manifest
3612
      could cause issues on pipelined requests.
3613

3614
    * Properly handle COPY verb in container quota middleware
3615

3616
    * Improved StaticWeb 404 error message on web-listings and index
3617

3618
    * Various other minor bug fixes and improvements.
3619

3620

3621
swift (1.12.0)
3622

3623
    * Several important pieces of information have been added to /info:
3624

3625
       - Configured constraints are included and allow a client to discover
3626
         the limits on names and object sizes that the cluster supports.
3627

3628
       - The supported tempurl methods are now included.
3629

3630
       - Static large object constraints are now included.
3631

3632
    * The Last-Modified header value returned will now be the object's
3633
      timestamp rounded up to the next second. This allows subsequent
3634
      requests with If-[un]modified-Since to use the Last-Modified
3635
      value as expected.
3636

3637
    * Non-integer values for if-delete-at headers will now properly
3638
      report a 400 error instead of a 503.
3639

3640
    * Fix object versioning with non-ASCII container names.
3641

3642
    * Bulk delete with POST now works properly.
3643

3644
    * Generic means for persisting system metadata
3645

3646
      Swift now supports system-level metadata on accounts and
3647
      containers. System metadata provides a means to store internal
3648
      custom metadata with associated Swift resources in a safe and
3649
      secure fashion without actually having to plumb custom metadata
3650
      through the core swift servers. The new gatekeeper middleware
3651
      prevents this system metadata from leaking into the request or
3652
      being set by a client.
3653

3654
    * catch_errors and gatekeeper middleware are now forced into the proxy
3655
      pipeline if not explicitly referenced.
3656

3657
    * New container sync configuration option, separating the end user
3658
      from knowing the required end point and adding more secure
3659
      signed requests. See
3660
      https://docs.openstack.org/swift/latest/overview_container_sync.html
3661
      for full information.
3662

3663
    * bulk middleware now can be configured to retry deleting containers.
3664

3665
    * The default yield_frequency used to keep client connections alive
3666
      during slow bulk requests was reduced from 60 seconds to 10 seconds.
3667
      While this is a change to a default, it should not affect deployments
3668
      and there is no migration process needed.
3669

3670
    * Swift processes will attempt to set RLIMIT_NPROC to 8192.
3671

3672
    * Server processes will now exit with a non-zero error code on config
3673
      errors.
3674

3675
    * Warn if read_affinity is configured but not enabled.
3676

3677
    * Fix checkmount error parsing in swift-recon.
3678

3679
    * Log at warn level when an object is quarantined.
3680

3681
    * Fixed CVE-2014-0006 to avoid a potential timing attack with tempurl.
3682

3683
    * Various other minor bug fixes and improvements.
3684

3685

3686
swift (1.11.0)
3687

3688
    * Added discoverable capabilities
3689

3690
      A Swift proxy server now by default (although it can be turned off)
3691
      will respond to requests to /info. The response to these requests
3692
      include information about the cluster and can be used by clients to
3693
      determine which features are supported in the cluster.
3694

3695
    * Object replication ssync (an rsync alternative)
3696

3697
      A Swift storage node can now be configured to use Swift primitives
3698
      for replication transport instead of rsync. This is an experimental
3699
      feature that is not yet considered production ready.
3700

3701
    * If a source times out on an object server read, try another one
3702
      of them with a modified range.
3703

3704
    * The proxy now responds to many types of requests as soon as it
3705
      has a quorum. This can help speed up responses (without
3706
      changing the results), especially when one node is acting up.
3707
      There is a post_quorum_timeout config value that can tune how
3708
      long to wait for requests to finish after a quorum has been
3709
      established.
3710

3711
    * Add accurate timestamps in proxy log lines for the start and
3712
      end of a request. These are added as new fields on the end of
3713
      the existing log lines, and therefore should not break
3714
      existing, well-behaved log processors.
3715

3716
    * Add an "inline" query parameter to tempurl
3717

3718
      By default, temporary URLs add a "Content-Disposition" header
3719
      that forces many clients to download the object. Now, temporary
3720
      URLs support an optional "inline" query parameter that will
3721
      force a "Content-Disposition: inline" header to be added to the
3722
      response, overriding the default.
3723

3724
    * Use TCP_NODELAY for created sockets. This can dramatically
3725
      lower latency for small object workloads.
3726

3727
    * DiskFile API, with reference implementation
3728

3729
      The DiskFile abstraction for talking to data on disk has been
3730
      refactored to allow alternate implementations to be developed.
3731
      Included in the codebase is an in-memory reference
3732
      implementation. For full documentation, please see the developer
3733
      documentation. The DiskFile API is still a work in progress and
3734
      is not yet finalized.
3735

3736
    * Removal of swift-bench
3737

3738
      The included benchmarking tool swift-bench has been extracted
3739
      from the codebase and is now in its own repository at
3740
      https://github.com/openstack/swift-bench. New swift-bench
3741
      binaries and packages may be found on PyPI at
3742
      https://pypi.org/project/swift-bench
3743

3744
    * Bulk delete now also supports the POST verb, in addition to DELETE
3745

3746
    * Added functionality to the swift-ring-builder to support
3747
      limited recreation of ring builder files from the ring file itself.
3748

3749
    * HEAD on account now returns 410 if account was deleted and
3750
      not yet reaped. The old behavior was to return a 404.
3751

3752
    * Fixed a bug introduced since the 1.10.0 release that
3753
      prevented expired objects from being removed from the system.
3754
      This resulted in orphaned expired objects taking up space on
3755
      the system but inaccessible to the API. This regression and
3756
      fix are only important if you have deployed code since the
3757
      1.10.0 release. For a full discussion, including a script that
3758
      can be used to clean up orphaned objects, see
3759
      https://bugs.launchpad.net/swift/+bug/1257330
3760

3761
    * Tie socket write buffer size to server chunk size parameter. This
3762
      pairs the underlying network buffer size with the size of data
3763
      that Swift attempts to read from the connection, thereby
3764
      improving efficiency and throughput on connections.
3765

3766
    * Fix 500 from account-quota middleware. If a user had set
3767
      X-Account-Meta-Quota-Bytes to something non-integer prior to
3768
      the installation of the account-quota middleware, then the
3769
      quota check would choke on it. Now a non-integer value is
3770
      treated as "no quota".
3771

3772
    * Quarantine objects with busted metadata. Before, if you
3773
      encountered an object with corrupt or missing xattrs, the
3774
      object server would return a 500 on GET, and wouldn't quarantine
3775
      anything. Now the object server returns a 404 for that GET and
3776
      the corrupted file is quarantined, thus giving replication a
3777
      chance to fix it.
3778

3779
    * Fix quarantine and error counts in audit logs
3780

3781
    * Report transaction ID in failure exception logs
3782

3783
    * Make pbr a build-time only dependency
3784

3785
    * Worked around a bug in eventlet 0.9.16 where the size of the
3786
      memcache connection pools would grow unbounded.
3787

3788
    * Tempurl keys are now properly stored as utf8
3789

3790
    * Fixed an issue where concurrent PUT requests to accounts or
3791
      containers may result in errors due to locked databases.
3792

3793
    * Handle copy requests in account and container quota middleware
3794

3795
    * Now ensure that a WWW-Authenticate header is on all 401 responses
3796

3797
    * Various other bug fixes and improvements
3798

3799

3800
swift (1.10.0, OpenStack Havana)
3801

3802
    * Added support for pooling memcache connections
3803

3804
    * Added support to replicating handoff partitions first in object
3805
      replication. Can also configure how many remote nodes a storage node
3806
      must talk to before removing a local handoff partition.
3807

3808
    * Fixed bug where memcache entries would not expire
3809

3810
    * Much faster calculation for choosing handoff nodes
3811

3812
    * Added container listing ratelimiting
3813

3814
    * Fixed issue where the proxy would continue to read from a storage
3815
      server even after a client had disconnected
3816

3817
    * Added support for headers that are only visible to the owner of a Swift
3818
      account
3819

3820
    * Fixed ranged GET with If-None-Match
3821

3822
    * Fixed an issue where rings may not be balanced after initial creation
3823

3824
    * Fixed internationalization support
3825

3826
    * Return the correct etag for a static large object on the PUT response
3827

3828
    * Allow users to extract archives to containers with ACLs set
3829

3830
    * Fix support for range requests against static large objects
3831

3832
    * Now logs x-copy-from header in a useful place
3833

3834
    * Reverted back to old XML output of account and container listings to
3835
      ensure older clients do not break
3836

3837
    * Account quotas now appropriately handle copy requests
3838

3839
    * Fix issue with UTF-8 handling in versioned writes
3840

3841
    * Various other bug fixes and improvements, including support for running
3842
      Swift under Pypy and continuing work to support storage policies
3843

3844

3845
swift (1.9.1)
3846

3847
    * Disallow PUT, POST, and DELETE requests from creating older tombstone
3848
      files, preventing the possibility of filling up the disk and removing
3849
      unnecessary container updates.
3850

3851
    * Set default wsgi workers to cpu_count
3852

3853
      Change the default value of wsgi workers from 1 to auto. The new
3854
      default value for workers in the proxy, container, account & object
3855
      wsgi servers will spawn as many workers per process as you have cpu
3856
      cores. This will not be ideal for some configurations, but it's much
3857
      more likely to produce a successful out of the box deployment.
3858

3859
    * Added reveal_sensitive_prefix config setting to filter the auth token
3860
      logged by the proxy server.
3861

3862
    * Ensure Keystone's reseller prefix ends with an underscore. Previously
3863
      this was a recommendation--now it is enforced.
3864

3865
    * Added log_file_pattern config to swift-drive-audit for drive errors
3866

3867
    * Add support for telling Swift to detect a content type on a request.
3868

3869
    * Additional object stats are now logged in the object auditor
3870

3871
    * Moved the DiskFile interface into its own module
3872

3873
    * Ensure the SQLite cursors are closed when creating functions
3874

3875
    * Better support for valid Accept headers
3876

3877
    * In Keystone, don't allow users to delete their own account
3878

3879
    * Return a UTC timezone designator in container listings
3880

3881
    * Ensure that users can't remove their account quotas
3882

3883
    * Allow floating point value for dispersion coverage
3884

3885
    * Fix incorrect error page handling in staticweb
3886

3887
    * Add utf-8 charset to multipart-manifest=get response.
3888

3889
    * Allow dispersion tools to use keystone server with insecure certificate
3890

3891
    * Ensure that files are always closed in tests
3892

3893
    * Use OpenStack's "Hacking" guidelines for code formatting
3894

3895
    * Various other minor bug fixes and improvements
3896

3897

3898
swift (1.9.0)
3899

3900
    * Global clusters support
3901

3902
      The "region" concept introduced in Swift 1.8.0 has been augmented with
3903
      support for using a separate replication network and configuring read
3904
      and write affinity. These features combine to offer support for a single
3905
      Swift cluster spanning wide geographic area.
3906

3907
    * Disk performance
3908

3909
      The object server now can be configured to use threadpools to increase
3910
      performance and smooth out latency throughout the system. Also, many
3911
      disk operations were reordered to increase reliability and improve
3912
      performance.
3913

3914
    * Added config file conf.d support
3915

3916
      Allow Swift daemons and servers to optionally accept a directory as the
3917
      configuration parameter. This allows different parts of the config file
3918
      to be managed separately, eg each middleware could use a separate file
3919
      for its particular config settings.
3920

3921
    * Allow two TempURL keys per account
3922

3923
      By adding a second key, a user can safely rotate keys and prevent URLs
3924
      already in use from becoming invalid. TempURL middlware has also been
3925
      updated to allow a configuable set of allowed methods and to prevent a
3926
      bugrelated to content-disposition names.
3927

3928
    * Added crossdomain.xml middleware. See
3929
      https://docs.openstack.org/swift/latest/crossdomain.html for details
3930

3931
    * Added rsync bandwidth limit setting for object replicator
3932

3933
    * Transaction ID updated to include the time and an optional suffix
3934

3935
    * Added x-remove-versions-location header to disable versioned writes
3936

3937
    * Improvements to support for Keystone ACLs
3938

3939
    * Added parallelism to object expirer daemon
3940

3941
    * Added support for ring hash prefix in addition to the existing suffix
3942

3943
    * Allow all headers requested for CORS
3944

3945
    * Stop getting useless bytes on manifest Range requests
3946

3947
    * Improved container-sync resiliency
3948

3949
    * Added example Apache config files. See
3950
      https://docs.openstack.org/swift/latest/apache_deployment_guide.html
3951
      for more info
3952

3953
    * If an account is marked as deleted but hasn't been reaped and is still
3954
      on disk, responses will include an "X-Account-Status" header
3955

3956
    * Fix 503 on account/container HEAD with invalid format
3957

3958
    * Added extra safety on account-level DELETE when using bulk deletes
3959

3960
    * Made colons quote-safe in logs (mainly for IPv6)
3961

3962
    * Fixed bug with bulk delete max items
3963

3964
    * Fixed static large object manifest range requests
3965

3966
    * Prevent static large objects from containing other static large objects
3967

3968
    * Fixed issue with use of delimiter in container queries where some
3969
      objects would not be listed
3970

3971
    * Various other minor bug fixes and improvements
3972

3973

3974
swift (1.8.0, OpenStack Grizzly)
3975

3976
    * Make rings' replica count adjustable
3977

3978
    * Added a region tier to the ring above zones
3979

3980
    * Added timing-based sorting of object servers on read requests
3981

3982
    * Added support for auto-extract archive uploads
3983

3984
    * Added support for bulk delete requests
3985

3986
    * Added support for large objects with static manifests
3987

3988
    * Added list_endpoints middleware to provide an API for determining where
3989
      the ring places data
3990

3991
    * proxy-logging middleware can now handle logging for other middleware
3992

3993
      proxy-logging should be used twice in the proxy pipeline. The first
3994
      handles middleware logs for requests that never made it all the way
3995
      to the server. The last handles requests that do make it to the server.
3996

3997
      This is a change that may require an update to your proxy server
3998
      config file or custom middleware that you may be using. See the full
3999
      docs at https://docs.openstack.org/swift/latest/misc.html.
4000

4001
    * Changed the default sample rate for a few high-traffic requests.
4002

4003
      Added log_statsd_sample_rate_factor to globally tune the StatsD
4004
      sample rate. This tunable can be used to reduce StatsD traffic
4005
      proportionally for all metrics and is intended to replace
4006
      log_statsd_default_sample_rate, which is left alone for
4007
      backward-compatibility, should anyone be using it.
4008

4009
    * Added swift_hash_path_prefix option to swift.conf
4010

4011
      New deployments are advised to set this value to a random secret
4012
      to protect against hash collisions
4013

4014
    * Added user-managed container quotas
4015

4016
    * Added support for account-level quotas managed by an auth reseller
4017

4018
    * Added --run-dir option to swift-init
4019

4020
    * Added more options to swift-bench
4021

4022
    * Added support for CORS "actual requests"
4023

4024
    * Added fallocate_reserve option to protect against full drives
4025

4026
    * Allow ring rebalance to take a seed
4027

4028
    * Ring serialization will now produce the same gzip file (Py2.7)
4029

4030
    * Added support to swift-drive-audit for handling rotated logs
4031

4032
    * Added first-byte latency timings for GET requests
4033

4034
    * Added per disk PUT timing monitoring support
4035

4036
    * Added speed limit options for DB auditor
4037

4038
    * Force log entries to be one line
4039

4040
    * Ensure that fsync is used and not just fdatasync
4041

4042
    * Improved handoff node selection
4043

4044
    * Deprecated keystone is_admin feature
4045

4046
    * Fix large objects with unicode in the segment names
4047

4048
    * Update Swift's MemcacheRing to provide API compatibility with
4049
      standard Python memcache libraries
4050

4051
    * Various other minor bug fixes and improvements
4052

4053

4054
swift (1.7.6)
4055

4056
    * Better tempauth storage URL guessing
4057

4058
    * Added --top option to swift-recon -d
4059

4060
    * Allow optional, temporary healthcheck failure
4061

4062
    * keystoneauth middleware now supports cross-tenant ACLs
4063

4064
    * Add dispersion report flags to limit reports
4065

4066
    * Add config option to turn eventlet debug on/off
4067

4068
    * Added override option for swift-init's KILL_WAIT
4069

4070
    * Added oldest and most recent replication pass to swift-recon
4071

4072
    * Fixed 500 error response when GETing a many-segment manifest
4073

4074
    * Memcached keys now use a delta timeout when possible
4075

4076
    * Refactor DiskFile to hide temp file names and exts
4077

4078
    * Remove IP-based container-sync ACLs from auth middlewares
4079

4080
    * Fixed bug in deleting memcached account info data
4081

4082
    * Fixed lazy-listing of object manifest segments
4083

4084
    * Fixed bug where a ? in the object name caused an error
4085

4086
    * Swift now returns 406 if it can't satisfy Accept
4087

4088
    * Fix infinite recursion bug in object replicator
4089

4090
    * Swift will now reject names with NULL characters
4091

4092
    * Fixed object-auditor logging to use a minimum of unix sockets
4093

4094
    * Various other minor bug fixes and improvements
4095

4096

4097
swift (1.7.5)
4098

4099
    * Support OPTIONS verb, including CORS preflight requests
4100

4101
    * Added support for custom log handlers
4102

4103
    * Range support is extended to support GET requests with multiple ranges.
4104
      Multi-range GETs are not yet supported against large-object manifests.
4105

4106
    * Cluster constraints are now settable by config
4107

4108
    * Replicators can now run against specific devices or partitions
4109

4110
    * swift-bench now supports running on multiple cores and multiple servers
4111

4112
    * Added partition option to swift-get-nodes
4113

4114
    * Allow underscores in account and user in tempauth via base64 encodings
4115

4116
    * New option to the dispersion report to output the missing partitions
4117

4118
    * Changed storage server StatsD metrics to report timings instead of
4119
      counts for errors. See the admin guide for the updated metric names.
4120

4121
    * Removed a dependency on WebOb and replaced it with an internal module
4122

4123
    * Fixed config parsing in swift-bench -x
4124

4125
    * Fixed sample_rate in StatsD logging
4126

4127
    * Track unlinks of async_pendings with StatsD
4128

4129
    * Remove double GET on range requests
4130

4131
    * Allow unsetting of X-Container-Sync-To and ACL headers
4132

4133
    * DB reclamation now removes empty suffix directories
4134

4135
    * Fix non-standard 100-continue behavior
4136

4137
    * Allow object-expirer to delete the last copy of a versioned object
4138

4139
    * Only set TCP_KEEPIDLE on systems where it is supported
4140

4141
    * Fix stdin flush and fdatasync issues on BSD platforms
4142

4143
    * Allow object-expirer to delete the last version of an object
4144

4145
    * Various other minor bug fixes and improvements
4146

4147

4148
swift (1.7.4, OpenStack Folsom)
4149

4150
    * Fix issue where early client disconnects may have caused a memory leak
4151

4152

4153
swift (1.7.2)
4154

4155
    * Fix issue where memcache serialization was not properly loading
4156
      the config value
4157

4158

4159
swift (1.7.0)
4160

4161
    * Use custom encoding for ring data instead of pickle
4162

4163
      Serialize RingData in a versioned, custom format which is a combination
4164
      of a JSON-encoded header and .tostring() dumps of the
4165
      replica2part2dev_id arrays. This format deserializes hundreds of times
4166
      faster than rings serialized with Python 2.7's pickle (a significant
4167
      performance regression for ring loading between Python 2.6 and Python
4168
      2.7). Fixes bug 1031954.
4169

4170
      The new implementation is backward-compatible; if a ring
4171
      does not begin with a new-style magic string, it is assumed to be an
4172
      old-style pickle-dumped ring and is handled as before. So new Swift
4173
      code can read old rings, but old Swift code will not be able to read
4174
      newly-serialized rings.
4175

4176
    * Do not use pickle for serialization in memcache, but JSON
4177

4178
      To avoid issues on upgrades (unability to read pickled values, and cache
4179
      poisoning for old servers not understanding JSON), we add a
4180
      memcache_serialization_support configuration option, with the following
4181
      values:
4182

4183
       0 = older, insecure pickle serialization
4184
       1 = json serialization but pickles can still be read (still insecure)
4185
       2 = json serialization only (secure and the default)
4186

4187
      To avoid an instant full cache flush, existing installations should
4188
      upgrade with 0, then set to 1 and reload, then after some time (24
4189
      hours) set to 2 and reload. Support for 0 and 1 will be removed in
4190
      future versions.
4191

4192
    * Update proxy-server StatsD logging. This is a significant change to the
4193
      existing StatsD intigration. Docs for this feature can be found in
4194
      doc/source/admin_guide.rst.
4195

4196
    * Improved swift-bench to allow random object sizes and better usability
4197

4198
    * Updated probe tests
4199

4200
    * Replicator removal metrics are now generated on a per-device basis
4201

4202
    * Made object replicator locking more optimistic
4203

4204
    * Split proxy-server code into separate modules
4205

4206
    * Fixed bug where swift-recon would not report all unmounted drives
4207

4208
    * Fixed issue where a LockTimeout may have caused a file descriptor to
4209
      not be closed properly
4210

4211
    * Fixed a bug where an error may have caused the proxy to stop returning
4212
      data to a client
4213

4214
    * Fixed bug where expirer would get confused by odd deletion times
4215

4216
    * Fixed a bug where auto-creating accounts would return an error if they
4217
      were recreated after being deleted
4218

4219
    * Fix when rate_limit_after_segment kicks in
4220

4221
    * fallocate() failures properly return HTTPInsufficientStorage from
4222
      object-server before reading from wsgi.input, allowing the proxy
4223
      server to quickly error_limit that node
4224

4225
    * Fixed error with large object manifests and x-newest headers on GET
4226

4227
    * Various other minor bug fixes and improvements
4228

4229

4230
swift (1.6.0)
4231

4232
    * Removed bin/swift and swift/common/client.py from the swift repo. These
4233
      tools are now managed in the python-swiftclient project. The
4234
      python-swiftclient project is a second deliverable of the openstack
4235
      swift project.
4236

4237
    * Moved swift_auth (openstack keystone) middleware from keystone project
4238
      into swift project
4239

4240
    * Made dispersion report work with any replica count other than 3. This
4241
      substantially affects the JSON output of the dispersion report, and any
4242
      tools written to consume this output will need to be updated.
4243

4244
    * Added Solaris (Illumos) compatibility
4245

4246
    * Added -a option to swift-get-nodes to show all handoffs
4247

4248
    * Add UDP protocol support for logger
4249

4250
    * Added config options for rate limiting of large object downloads.
4251

4252
    * Added config option `log_handoffs` (defaults to True) to proxy server
4253
      to log and update statsd with information about when a handoff node is
4254
      used. This is helpful to track the health of the cluster.
4255

4256
    * swift-bench can now use auth 2.0
4257

4258
    * Support forbidding substrings based on a regexp in name_filter
4259
      middleware
4260

4261
    * Hardened internal server processes so only authorized methods can be
4262
      called.
4263

4264
    * Made ranged requests on large objects work correctly when size of
4265
      manifest file is not 0 byte
4266

4267
    * Added option to dispersion report to print 404s to stdout
4268

4269
    * Fix object replication on older rsync versions when using ipv4
4270

4271
    * Fixed bug with container reclaim/report race
4272

4273
    * Make object server's caching more configurable.
4274

4275
    * Check disk failure before syncing for each partition
4276

4277
    * Allow special characters to be referenced by manifest objects
4278

4279
    * Validate devices and partitions to avoid directory traversals
4280

4281
    * Support WebOb 1.2
4282

4283
    * Ensure that accessing the ring devs reloads the ring if necessary.
4284
      Specifically, this allows replication to work when it has been started
4285
      with an empty ring.
4286

4287
    * Various other minor bug fixes and improvements
4288

4289

4290
swift (1.5.0)
4291

4292
    * New option to toggle SQLite database preallocation with account
4293
      and container servers.
4294

4295
      IMPORTANT:
4296
      The default for database preallocation is now off when before
4297
      it was always on. This will affect performance on clusters that
4298
      use standard drives with shared account, container, object
4299
      servers. Such deployments will need to update their
4300
      configurations to turn database preallocation back on (see
4301
      account-server.conf-sample and container-server.conf.sample
4302
      files).
4303

4304
      If you are using dedicated account and container servers with
4305
      SSDs, you should defragment your file systems after upgrade and
4306
      should notice dramatically less disk usage.
4307

4308
    * swift3 middleware removed and moved to http://github.com/fujita/swift3.
4309
      This will require a config change in the proxy server and adds a new
4310
      dependency for deployers using this middleware.
4311

4312
    * Moved proxy server logging to middleware. This requires a config change
4313
      in the proxy server.
4314

4315
    * Added object versioning feature. (See docs for full description)
4316

4317
    * Add statsd logging throughout the system (beta, some event names may
4318
      change)
4319

4320
    * Expanded swift-recon middleware support
4321

4322
    * The ring builder now supports as-unique-as-possible partition
4323
      placement, unified balancing methods, and can work on more than one
4324
      device at a time.
4325

4326
    * Numerous bug fixes to StaticWeb (previously unusable at scale).
4327

4328
    * Bug fixes to all middleware to allow passthrough requests under various
4329
      conditions and to share pre-authed request code (which previously had
4330
      differing behaviors and interaction bugs).
4331

4332
    * Bug fix to object expirer that could cause infinite looping.
4333

4334
    * Added optional delay to account reaping.
4335

4336
    * Async-pending write optimization.
4337

4338
    * Dispersion tools now support multiple auth versions
4339

4340
    * Updated man pages
4341

4342
    * Proxy server can now deny requests to particular hostnames
4343

4344
    * Updated docs for domain remap middleware
4345

4346
    * Updated docs for cname lookup middleware
4347

4348
    * Made swift CLI binary easier to wrap
4349

4350
    * Proxy will now also return X-Timestamp header
4351

4352
    * Added associated projects doc as a place to track ecosystem projects
4353

4354
    * end_marker made consistent across both object and container listings
4355

4356
    * Various other minor bug fixes and improvements
4357

4358

4359
swift (1.4.8, OpenStack Essex)
4360

4361
    * Added optional max_containers_per_account restriction
4362

4363
    * Added alternate metadata header removal method
4364

4365
    * Added optional name_check middleware filter
4366

4367
    * Added support for venv-based test runs with tox
4368

4369
    * StaticWeb behavior change with X-Web-Mode: true and
4370
      non-StaticWeb-enabled containers (immediately 404s instead of passing
4371
      the request on down the WSGI pipeline).
4372

4373
    * Fixed typo in swift-dispersion-report JSON output.
4374

4375
    * Swift-Recon-related fix to create temporary files on the same disk as
4376
      their final destinations.
4377

4378
    * Updated return codes in swift3 middleware
4379

4380
    * Fixed swift3 middleware to allow Content-Range header in response
4381

4382
    * Updated swift.common.client and swift CLI tool with auth 2.0 changes
4383

4384
    * Swift CLI tool now supports common openstack auth args
4385

4386
    * Body of HTTP responses now included in error messages of swift CLI tool
4387

4388
    * Refactored some ring building functions for clarity and simplicity
4389

4390

4391
swift (1.4.7)
4392

4393
    * Improvements to account and container replication.
4394

4395
    * Fix for account servers allowing .pending to exist before .db.
4396

4397
    * Fixed possible key-guessing exploit in formpost.
4398

4399
    * Fixed bug in ring builder when removing a large percentage of devices.
4400

4401
    * Swift CLI tool now supports openstack-standard CLI flags.
4402

4403
    * New JSON output option for swift-dispersion-report.
4404

4405
    * Removed old stats tools.
4406

4407
    * Other bug fixes and documentation updates.
4408

4409

4410
swift (1.4.6)
4411

4412
    * TempURL and FormPost middleware added
4413

4414
    * Added memcache.conf option
4415

4416
    * Dropped eval-based json parser fallback
4417

4418
    * Properly lose all groups when dropping privileges
4419

4420
    * Fix permissions when creating files
4421

4422
    * Fixed bug regarding negative Content-Length in requests
4423

4424
    * Consistent formatting on Last-Modified response header
4425

4426
    * Added timeout option to swift-recon
4427

4428
    * Allow arguments to be passed to nosetest
4429

4430
    * Removed tools/rfc.sh
4431

4432
    * Other minor bug fixes
4433

4434

4435
swift (1.4.5)
4436

4437
    * New swift-orphans and swift-oldies command line tools to detect
4438
      orphaned Swift processes and long running processes.
4439

4440
    * Command line tool "swift" now supports marker queries.
4441

4442
    * StaticWeb middleware improved to save an extra request when
4443
      possible.
4444

4445
    * Updated swift-init to support swift-object-expirer.
4446

4447
    * Fixed object replicator timeout handling [bug 814263].
4448

4449
    * Fixed accept header 503 vs. 400 [bug 891247].
4450

4451
    * More exception handling for auditors.
4452

4453
    * Doc updates for PPA [bug 905608].
4454

4455
    * Doc updates to explain replication more clearly [bug 906976].
4456

4457
    * Updated SAIO instructions to no longer mention ~/swift/trunk.
4458

4459
    * Fixed docstrings in the ring code.
4460

4461
    * PEP8 Updates.
4462

4463

4464
swift (1.4.4)
4465

4466
    * Fixes to prevent socket hoarding (memory leak)
4467

4468
    * Add sockstat info to recon.
4469

4470
    * Fixed leak from SegmentedIterable.
4471

4472
    * Fixed bufferedhttp to deref socks and fps.
4473

4474
    * Add support for OS Auth API version 2.
4475

4476
    * Make Eventlet's WSGI server log differently.
4477

4478
    * Updated TimeoutError and except Exception refs.
4479

4480
    * Fixed time-sensitive tests.
4481

4482
    * Fixed object manifest etags.
4483

4484
    * Fixes for swift-recon disk usage distribution graph.
4485

4486
    * Adding new manpages for configuration files.
4487

4488
    * Change bzr to swift in getting_started doc.
4489

4490
    * Fixes the HTTPConflict import.
4491

4492
    * Expiring Objects Support.
4493

4494
    * Fixing bug with x-trans-id.
4495

4496
    * Requote the source when doing a COPY.
4497

4498
    * Add documentation for Swift Recon.
4499

4500
    * Make drive audit regexes detect 4-letter drives.
4501

4502
    * Adding what acc/cont/obj into the ratelimit error messages.
4503

4504
    * Query only specific zone via swift-recon.
4505

4506

4507
swift (1.4.3, OpenStack Diablo)
4508

4509
    * Additional quarantine catching code.
4510

4511
    * Added client_ip to all proxy log lines not otherwise containing it.
4512

4513
    * Content-Type is now application/xml for "GET services/bucket" swift3
4514
      middleware requests.
4515

4516
    * Alpha release of the Swift Recon Experiment
4517

4518
    * Fix last modified date for swift3 middleware.
4519

4520
    * Fix to clear account/container metadata on account/container deletion.
4521

4522
    * Fix for corner case regarding X-Newest.
4523

4524
    * Fix for object auditor running out of file descriptors.
4525

4526
    * Fix to return all proper headers for manifest objects.
4527

4528
    * Fix to the swift tool to strip any leading slashes on file names when
4529
      uploading.
4530

4531

4532
swift (1.4.2)
4533

4534
    * Removed stats/logging code from Swift [now in separate slogging project].
4535

4536
    * Container Synchronization Feature - First Edition
4537

4538
    * Fix swift3 authentication bug about the Date and X-Amz-Date handling.
4539

4540
    * Changing ratelimiting so that it only limits PUTs/DELETEs.
4541

4542
    * Object POSTs are implemented as COPYs now by default (you can revert to
4543
      previous implementation with conf object_post_as_copy = false)
4544

4545
    * You can specify X-Newest: true on GETs and HEADs to indicate you want
4546
      Swift to query all backend copies and return the newest version
4547
      retrieved.
4548

4549
    * Object COPY requests now always copy the newest object they can find.
4550

4551
    * Account and container GETs and HEADs now shuffle the nodes they use to
4552
      balance load.
4553

4554
    * Fixed the infinite charset: utf-8 bug
4555

4556
    * This fixes the bug that drop_buffer_cache() doesn't work on systems where
4557
      off_t isn't 64 bits.
4558

4559

4560
swift (1.4.1)
4561

4562
    * st renamed to swift
4563

4564
    * swauth was separated froms swift. It is now its own project and can be
4565
      found at https://github.com/gholt/swauth.
4566

4567
    * tempauth middleware added as an extremely limited auth system for dev
4568
      work.
4569

4570
    * Account and container listings now properly labeled UTF-8 (previously the
4571
      label was "utf8").
4572

4573
    * Accounts are auto-created if an auth token is valid when the
4574
      account_autocreate proxy config parameter is set to true.
4575

4576

4577
swift (1.4.0)
4578

4579
    * swift-bench now cleans up containers it creates.
4580

4581
    * WSGI servers now load WSGI filters and applications after forking for
4582
      better plugin support.
4583

4584
    * swauth-cleanup-tokens now handles 404s on token containers and tokens
4585
      better.
4586

4587
    * Proxy logs the remote IP address as the client IP in the absence of
4588
      X-Forwarded-For and X-Cluster-Client-IP headers instead of - like it did
4589
      before.
4590

4591
    * Swift3 WSGI middleware added support for param-signed URLs.
4592

4593
    * swauth- scripts now exit with proper exit codes.
4594

4595
    * Fixed a bug where allowed_headers weren't honored for HEAD requests.
4596

4597
    * Double quarantining of corrupted sqlite3 databases now works.
4598

4599
    * Fix for Object replicator breaking when running object replicator with no
4600
      objects on the server.
4601

4602
    * Added the Accept-Ranges header to GET and HEAD requests.
4603

4604
    * When a single object has multiple async pending updates on a single
4605
      device, only latest async pending is now sent.
4606

4607
    * Fixed issue of Swift3 WSGI middleware not working correctly with '/' in
4608
      object names.
4609

4610
    * Renamed swift-stats-* to swift-dispersion-* to avoid confusion with log
4611
      stats stuff.
4612

4613
    * Added X-Trans-Id transaction id header to every response.
4614

4615
    * Fixed a Python 2.7 compatibility problem.
4616

4617
    * Now using bracketed notation for ip literals in rsync calls, so
4618
      compressed ipv6 literals work.
4619

4620
    * Added a container stats collector and refactoring some of the stats code.
4621

4622
    * Changed subdir nodes in XML formatted object listings to align with
4623
      object nodes. Now: <subdir name="foo"><name>foo</name></subdir> Before:
4624
      <subdir name="foo" />.
4625

4626
    * Fixed bug in Swauth to support for multiple swauth instances.
4627

4628
    * swift-ring-builder: Added list_parts command which shows common
4629
      partitions for a given list of devices.
4630

4631
    * Object auditor now shows better statistics updates in the logs.
4632

4633
    * Stats uploaders now allow overrides for source_filename_pattern and
4634
      new_log_cutoff values.
4635

4636

4637
----
4638

4639
Changelog entries for previous versions are incomplete
4640

4641
swift (1.3.0, OpenStack Cactus)
4642

4643
swift (1.2.0, OpenStack Bexar)
4644

4645
swift (1.1.0, OpenStack Austin)
4646

4647
swift (1.0.0, Initial Release)
4648