# Stork 1.10.0 Release Notes, April 5 2023

Welcome to Stork 1.10.0, another development release. The changes introduced in this version are:

1. **Kea Configuration Review Improvements**:
   - Added new checker that warns if Basic Auth is used in an insecure way in Kea Control Agent [#945].
   - Added new checker that warns if Subnet commands and Config Backend hooks are used together [#940].
   - Added new checker that warns if size of the pool equals number of host reservations [#941].
   - Added new checker that warns if the multi-threading is enabled for Kea packet processing but not for HA processing [#944].

2. **Kea Configuration Management**:
   - The work continues towards the capability to manage subnets. In this release, we refactored the code pertaining to processing the Kea configuration in the Stork server. It introduces no new user-visible functionality, but the number of code changes is significant and thus noted in the ChangeLog and Release Notes [#942].
   - The data model now retains much more information about Kea DHCP parameters [#952].

3. **BIND 9 support improvements**:
   - BIND 9 detection code has been expanded and is now more robust. It now can also attempt to look at more default locations for config files, use `named -V` to discover built-in locations and also use `STORK_BIND9_CONFIG` environment variable to look for a specific BIND9 config file. The detection process is also now more verbose. Enabling DEBUG logging level may help [#831].
   - The rndc key is now detected properly. The key value is visible only for super-administrators [#997].

4. **UI improvements**:
   - The new reservation added via Stork appears on all lists instantly, not after the next refresh [#996].
   - The content of the subnets column is now sorted [#855].
   - Fixed a problem with periodically showing the HA loading indicator when High Availability was not configured [#969].
   - Fixed the problem with displaying subnet utilization bars on the shared network page.
The bars for IA_NA and IA_PD were always shown, even when they had no corresponding subnet pools [#970].

5. **Agent improvements**:
   - The agent now attempts to pull statistics only from daemons that are running. This should greatly limit the amount of logs generated by both Stork agent and the Kea control agent. This change may help for repeated CTRL_AGENT_COMMAND_FORWARD_FAILED logs by Kea control agent [#933].

6. **Security**:
   - Fixed the path traversal vulnerability that allowed everyone to check the existence of any file on the filesystem [#987].
   - Added support for passwordless connections for databases. The Postgres server can now be reached over sockets. It allows securing the connection using the `trust` and `host` authentication modes [#858].
   - Expanded Stork ARM with an explanation how to fix potential problems with self-signed certificates [#543].
   - Fixed integer-casting issues reported by CodeQL [#982].

7. **Build improvements**:
   - Updated Angular, PrimeNG, GoSwagger, and OpenAPI generator [#981].
   - Changed the executable paths configured in the default systemd service files to absolute [#972].
   - Migrated from outdated `docker-compose` to more recent `docker compose` [#979].

8. **Bug fixes**:
   - A user without any groups can now log out properly [#1004].
   - Fixed ignoring URL segments in the Grafana base address [#980].
   - Added a human-readable representation of the event level in the dump package [#971].

Please see this link for known issues: https://gitlab.isc.org/isc-projects/stork/-/wikis/Known-issues.

## Incompatible Changes

None.

## Release Model

Stork has bi-monthly development releases, with some exceptions. We encourage users to test the development releases and report back their findings on the stork-users mailing list, available at https://lists.isc.org/mailman/listinfo/stork-users.

This text references issue numbers. For more details, visit the Stork GitLab page at https://gitlab.isc.org/isc-projects/stork/issues.
## License

Stork is released under the Mozilla Public License, version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

## Download

The easiest way to install the software is to use native deb or RPM packages. They can be downloaded from:

https://cloudsmith.io/~isc/repos/stork/

The Stork source and PGP signature for this release may be downloaded from:

https://downloads.isc.org/isc/stork

The signature was generated with the ISC code-signing key, which is available at:

https://www.isc.org/pgpkey

ISC provides documentation in the Stork Administrator Reference Manual (ARM). It is available on ReadTheDocs.io at https://stork.readthedocs.io/en/latest/, and in source form in [the doc/ directory](https://gitlab.isc.org/isc-projects/stork/-/tree/master/doc).

We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the stork-users mailing list (https://lists.isc.org/mailman/listinfo/stork-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Stork GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked.

## Support

Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/mailinglists/. If you have any comments or questions about working with Stork, please share them to the stork-users list (https://lists.isc.org/mailman/listinfo/stork-users). Bugs and feature requests may be submitted via GitLab at https://gitlab.isc.org/isc-projects/stork/issues.

## Changes

The following summarizes changes and important upgrades since the previous Stork release versioned 1.9.0.

* 298 [func] marcin
  New and updated host reservations are instantly visible in Stork after submitting the form.
  (Gitlab #996)

* 297 [build] slawek
  Fixed the security vulnerabilities reported by the Github Dependabot and updated dependencies including the Angular, PrimeNG, GoSwagger and OpenAPI Generator.
  (Gitlab #981)

* 296 [bug] slawek
  Fixed the path traversal vulnerability that allowed everyone to check the existence of any file on the filesystem.
  (Gitlab #987)

* 295 [bug] slawek
  Fixed fetching the authorization keys from BIND 9 configuration. The key value is visible only for super-administrators.
  (Gitlab #997)

* 294 [build] slawek
  Changed the executable paths configured in the default SystemD service files to absolute.
  (Gitlab #972)

* 293 [bug] slawek
  Fixed a problem whereby a user not assigned to any groups could not log out.
  (Gitlab #1004)

* 292 [func] slawek
  Added the configuration review checker to verify that the Stork Agent and Kea Control Agent communicate over TLS if the Kea Control Agent requires the HTTP credentials (i.e., Basic Auth).
  (Gitlab #945)

* 291 [build] slawek
  Upgrade the docker compose used in demo and system tests to V2 version. The V1 version is still supported for backward compatibility.
  (Gitlab #979)

* 290 [func] slawek
  Added support for connecting to the Postgres server over sockets. It allows securing the connection using the "trust" and "host" authentication modes.
  (Gitlab #858)

* 289 [bug] slawek
  Fixed ignoring URL segments in the Grafana base address.
  (Gitlab #980)

* 288 [bug] razvan
  The content of subnets column is now sorted.
  (Gitlab #855)

* 287 [func] slawek
  Added a human-readable representation of the event level in the dump package.
  (Gitlab #971)

* 286 [func] marcin
  Refactored the code pertaining to processing the Kea configuration in the Stork server. It introduces no new user-visible functionality, but the number of code changes is significant and thus noted in the ChangeLog.
  (Gitlab #942)

* 285 [bug] tomek
  BIND 9 detection code has been expanded and is now more robust.
  It now can also attempt to look at more default locations for config files, use `named -V` to discover built-in locations and also use `STORK_BIND9_CONFIG` to explicitly tell where to look for a BIND9 config file. The detection process is also now more verbose. Enabling DEBUG logging level may help.
  (Gitlab #831)

* 284 [func] slawek
  The Prometheus exporter no longer attempts to communicate with non-configured Kea servers. It avoids producing repetitive error logs in the Kea Control Agent and the Stork Agent.
  (Gitlab #933)

* 283 [bug] slawek
  Fixed a problem with periodically showing the HA loading indicator when High Availability was not configured.
  (Gitlab #969)

* 282 [bug] slawek
  Fixed the problem with displaying subnet utilization bars on the shared network page. The bars for IA_NA and IA_PD were always shown, even when they had no corresponding subnet pools.
  (Gitlab #970)

* 281 [func] slawek
  Added a preliminary implementation of the hook framework.
  (Gitlab #779)

* 280 [func] slawek
  Implemented a new Kea configuration checker to detect if the subnet commands hook is simultaneously used with the configuration backend database and suggest replacing it with the configuration backend command hook.
  (Gitlab #940)

* 279 [func] slawek
  Added the Kea configuration checkers reporting when there are static reservations for all addresses or delegated prefixes in the pools.
  (Gitlab #941)

* 278 [func] slawek
  Added the configuration review checkers to detect common misconfigurations related to the HA multi-threading mode. The first checker suggests enabling the HA+MT if Kea uses multi-threading, and the second validates that HA peers use dedicated ports rather than Kea Control Agent's port when the dedicated listeners are enabled.
  (Gitlab #944)

Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.
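
The check described in ChangeLog entry 292 (the Kea Control Agent requires Basic Auth credentials but TLS is not configured), shown as an added example in Go; it is not Stork's own checker code. It assumes the Kea Control Agent keys `authentication`, `trust-anchor`, `cert-file` and `key-file`, treats a non-empty `clients` list as requiring credentials, and runs on constructed sample configurations.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// controlAgent is the subset of the Kea Control Agent config the check reads.
type controlAgent struct {
	TrustAnchor    string `json:"trust-anchor"`
	CertFile       string `json:"cert-file"`
	KeyFile        string `json:"key-file"`
	Authentication *struct {
		Type    string            `json:"type"`
		Clients []json.RawMessage `json:"clients"`
	} `json:"authentication"`
}

// reviewBasicAuth returns a warning when Basic Auth credentials are required
// but TLS is not fully configured, and "" when the configuration passes.
func reviewBasicAuth(raw []byte) (string, error) {
	var cfg struct {
		CA controlAgent `json:"Control-agent"`
	}
	if err := json.Unmarshal(raw, &cfg); err != nil {
		return "", fmt.Errorf("parsing config: %w", err)
	}
	auth := cfg.CA.Authentication
	// Assumption of this example: credentials are required only when the
	// type is "basic" and at least one client is listed.
	if auth == nil || auth.Type != "basic" || len(auth.Clients) == 0 {
		return "", nil
	}
	if cfg.CA.TrustAnchor != "" && cfg.CA.CertFile != "" && cfg.CA.KeyFile != "" {
		return "", nil // credentials travel inside TLS
	}
	return "Basic Auth is enabled without TLS: credentials are sent unencrypted", nil
}

// Constructed sample configurations; paths and credentials are placeholders.
const weakConfig = `{"Control-agent": {"http-host": "10.0.0.5", "http-port": 8000,
  "authentication": {"type": "basic", "clients": [{"user": "stork", "password": "example"}]}}}`
const fixedConfig = `{"Control-agent": {"http-host": "10.0.0.5", "http-port": 8000,
  "trust-anchor": "/etc/kea/ca.pem", "cert-file": "/etc/kea/agent.pem", "key-file": "/etc/kea/agent.key",
  "authentication": {"type": "basic", "clients": [{"user": "stork", "password": "example"}]}}}`

func main() {
	for _, c := range []string{weakConfig, fixedConfig} {
		fmt.Println(reviewBasicAuth([]byte(c)))
	}
}
```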