Red Hat SummitRelease Notes
New features, known issues, and resolved issues
Abstract
Making open source more inclusive
Red Hat is committed to replacing problematic language in our code, documentation, and web properties. We are beginning with these four terms: master, slave, blacklist, and whitelist. Because of the enormity of this endeavor, these changes will be implemented gradually over several upcoming releases. For more details, see our CTO Chris Wright’s message.
Chapter 1. Introduction
Migration Toolkit for Applications 6.1 accelerates large-scale application modernization efforts across hybrid cloud environments on Red Hat OpenShift. This solution provides insight throughout the adoption process, at both the portfolio and application levels: inventory, assess, analyze, and manage applications for faster migration to OpenShift via the user interface.
These release notes cover all z-stream releases of MTA 6.1 with the most recent release listed first.
Chapter 2. MTA 6.1.4
2.1. Resolved issues
MTA version 6.1.4 has the following resolved issues.
CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol, which is utilized by Migration Toolkit for Applications (MTA). A client could repeatedly make a request for a new multiplex stream then immediately send an RST_STREAM frame to cancel those requests. This activity created additional workloads for the server in terms of setting up and dismantling streams, but avoided any server-side limitations on the maximum number of active streams per connection. As a result, a denial of service occurred due to server resource consumption.
The following issues have been listed under this issue:
For more details, see CVE-2023-44487 (Rapid Reset Attack).
CVE-2023-39325: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack in the Go language packages)
The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption.
The following issues have been listed under this issue:
For more details, see CVE-2023-39325 (Rapid Reset Attack in the Go language packages).
Chapter 3. MTA 6.1.3
3.1. Container grade release
This release is a Container Grade Only (CGO) release.
3.2. Known issues
MTA version 6.1.3 has the following issues.
Application assessment: Save as draft does not function as expected
On the Application assessment form, Save as draft does not function as expected. MTA-1207
For a complete list of all known issues in this release, see the list of Known Issues in Jira.
Chapter 4. MTA 6.1.2
4.1. Container grade release
This release is a Container Grade Only (CGO) release.
Chapter 5. MTA 6.1.1
5.1. New features and improvements
At the time of release, there are no new features in this release.
5.2. Known issues
At the time of release, there are no known issues in this release.
5.3. Resolved issues
At the time of the release, the following resolved issue has been identified as the major issue worth highlighting:
RHSSO
The release of MTA 6.1.1 resolves the issue that users experienced after the the release of version 7.6.3 of Red Hat Single Sign-On (RH-SSO), which rendered many new installations of MTA 6.x unusable. For more information on this issue, see RHSSO-2514.
Chapter 6. MTA 6.1.0
6.1. New features and improvements
This section describes the new features and improvements of the Migration Toolkit for Applications (MTA) 6.1.0.
Creating custom migration targets
Administrators and architects can create and maintain custom migration targets and populate them with custom rules from a repository. Such custom migration targets are available for use by non-admin users. This simplifies the process of analysis configuration for applications with similar technologies that are common across the entire application portfolio of an organization.
Automated tagging of resources
MTA uses the technology stack information that the analysis module collects during an analysis to generate tags and to attach them automatically to applications.
Downloading HTML and CSV analysis reports
Users can download HTML and CSV reports generated by application analysis. By default, this option is disabled; it can be enabled in the new General menu in Administration view.
Reviewing an application without an assessment
Architects can review applications without running assessments first. By default, this option is disabled; it can be enabled in the new General menu in Administration view.
Support for disconnected installation
MTA fully supports disconnected installation in air-gapped OpenShift Container Platform environments.
Changes in naming
Some entities and menu entries of the MTA user interface have been renamed for clarity. The Administrator and Developer views have been renamed to Administration and Migration, respectively. Tag Types are now named Tag Categories.
6.2. Known issues
In this release, the following known issues have been identified.
CVE-2023-44487 HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)
A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol, which is utilized by Migration Toolkit for Applications (MTA). A client could repeatedly make a request for a new multiplex stream then immediately send an RST_STREAM frame to cancel those requests. This activity created additional workloads for the server in terms of setting up and dismantling streams, but avoided any server-side limitations on the maximum number of active streams per connection. As a result, a denial of service occurred due to server resource consumption.
The following issues have been listed under this issue:
To resolve this issue, upgrade to MTA 6.1.4.
For more details, see CVE-2023-44487 (Rapid Reset Attack)
CVE-2023-39325: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack in the Go language packages)
The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption.
The following issues have been listed under this issue:
To resolve this issue, upgrade to MTA 6.1.4.
For more information, see CVE-2023-39325 (Rapid Reset Attack in the Go language packages).
Application analysis fails if the name of custom rules directory has spaces
During the configuration of an application analysis, if the user fetches custom rules from a repository using the CLI and the root path contains spaces, the CLI command is not properly composed and the analysis fails. The user must make sure that there are no spaces in the name of the directory from which custom rules are taken.
6.3. Resolved issues
For a complete list of all issues resolved in this release, see the list of MTA 6.1.0 resolved issues in Jira.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}