8.2. Release Notes

8.2.1. LOCKSS 2.0.43-alpha4

Released: 2021-12-15

Also known as: LOCKSS 2.0-alpha4c

LOCKSS 2.0.43-alpha4 (also known as LOCKSS 2.0-alpha4c) is a security release and the latest release of the LOCKSS 2.0-alpha4 system. It addresses security vulnerabilities in Apache Log4j 2.x. See CVE-2021-45105 and CVE-2021-44832 in our Security Advisories.

Release Notes

• Custom versions of embedded Solr and OpenWayback with Log4j 2.16.0 (CVE-2021-45105).

Component Versions

LOCKSS 2.0.43-alpha4 consists of a configurable set of the following components:

• LOCKSS Installer version 2.0.43-alpha4

• LOCKSS Repository Service version 2.11.0

• LOCKSS Configuration Service version 2.5.0

• LOCKSS Poller Service version 2.3.0

• LOCKSS Metadata Extraction Service version 2.4.0

• LOCKSS Metadata Service version 2.3.0

• PostgreSQL version 9.6.12

• Apache Solr version 7.2.1

• Pywb version 2.4.2

• OpenWayback version 2.4.0 (custom version 2.4.0-3)

8.2.2. LOCKSS 2.0.42-alpha4

Released: 2021-12-13

Also known as: LOCKSS 2.0-alpha4b

LOCKSS 2.0.42-alpha4 (also known as LOCKSS 2.0-alpha4b) is a security release of the LOCKSS 2.0-alpha4 system. It addresses security vulnerabilities in Apache Log4j 2.x. See CVE-2021-44228, CVE-2021-45046 and CVE-2021-4104 in our Security Advisories.

Release Notes

• Run LOCKSS services, Solr and OpenWayback with Log4j2 mitigation (CVE-2021-44228).

Component Versions

LOCKSS 2.0.42-alpha4 consists of a configurable set of the following components:

• LOCKSS Installer version 2.0.42-alpha4

• LOCKSS Repository Service version 2.11.0

• LOCKSS Configuration Service version 2.5.0

• LOCKSS Poller Service version 2.3.0

• LOCKSS Metadata Extraction Service version 2.4.0

• LOCKSS Metadata Service version 2.3.0

• PostgreSQL version 9.6.12

• Apache Solr version 7.2.1

• Pywb version 2.4.2

• OpenWayback version 2.4.0

8.2.3. LOCKSS 2.0.41-alpha4

Released: 2021-06-28

Also known as: LOCKSS 2.0-alpha4a

LOCKSS 2.0.41-alpha4 (also known as LOCKSS 2.0-alpha4a) is the first release of the LOCKSS 2.0-alpha4 system.

Release Notes

• Containers are now orchestrated by K3s, a lightweight Kubernetes distribution by Kubernetes vendor Rancher. K3s is compatible with most Linux flavors and comes with a convenient multi-OS installer.

• Content is now stored in compressed WARC files by default.

• Numerous bug fixes and enhancements in the repository service and underlying componentry, delivering more reliability and performance in error handling, scalability, and content replay.

• Many security enhancements, including support for firewalld and ufw, containers not running as root internally, the lockss user no longer needing sudo privileges, Solr authentication, and LCAP SSL support with TLSv1.2 by default.

• Web user interface enhancements, including LCAP SSL key generation and support for the Kubernetes dashboard.

Component Versions

LOCKSS 2.0.41-alpha4 consists of a configurable set of the following components:

• LOCKSS Installer version 2.0.41-alpha4

• LOCKSS Repository Service version 2.11.0

• LOCKSS Configuration Service version 2.5.0

• LOCKSS Poller Service version 2.3.0

• LOCKSS Metadata Extraction Service version 2.4.0

• LOCKSS Metadata Service version 2.3.0

• PostgreSQL version 9.6.12

• Apache Solr version 7.2.1

• Pywb version 2.4.2

• OpenWayback version 2.4.0