accumulo-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From els...@apache.org
Subject svn commit: r1660234 - /accumulo/site/trunk/content/release_notes/1.6.2.mdtext
Date Mon, 16 Feb 2015 22:31:30 GMT
Author: elserj
Date: Mon Feb 16 22:31:30 2015
New Revision: 1660234

URL: http://svn.apache.org/r1660234
Log:
Added POODLE and filemanager semaphore changes

Modified:
    accumulo/site/trunk/content/release_notes/1.6.2.mdtext

Modified: accumulo/site/trunk/content/release_notes/1.6.2.mdtext
URL: http://svn.apache.org/viewvc/accumulo/site/trunk/content/release_notes/1.6.2.mdtext?rev=1660234&r1=1660233&r2=1660234&view=diff
==============================================================================
--- accumulo/site/trunk/content/release_notes/1.6.2.mdtext (original)
+++ accumulo/site/trunk/content/release_notes/1.6.2.mdtext Mon Feb 16 22:31:30 2015
@@ -121,15 +121,27 @@ submission operates as previously.
 
 ## Performance Improvements
 
-Apache Accumulo 1.6.2 includes a number of performance-related fixes over previous versions.
+### User scans can block root and metadata table scans
 
-### Improvement 1
+The TabletServer provides a feature to limit the number of open files as a resource management
configuration.
+To perform a scan against a normal table, the metadata and root table, when not cached, need
to be consulted
+first. With a sufficient number of concurrent scans against normal tables, adding to the
open file count,
+scans against the metadata and root tables could be blocked from running because no files
can be opened. 
+This prevents other system operations from happening as expected. [ACCUMULO-3297][16] fixes
the internal semaphore
+used to implement this resource management to ensure that root and metadata table scans can
proceed.
 
-### Improvement 2
 
 ## Other improvements
 
-### Improvement 1
+### Limit available ciphers for SSL/TLS
+
+Since Apache Accumulo 1.5.2 and 1.6.1, the [POODLE][17] man-in-the-middle attack was found
which exploits a client's
+ability to fallback to the SSLv3.0 protocol. The main mitigation strategy was to prevent
the use of old ciphers/protocols
+when using SSL connectors. In Accumulo, both the Apache Thrift RPC servers and Jetty server
for the Accumulo
+monitor have the ability to enable SSL. [ACCUMULO-3316][18] is the parent issue which provides
new configuration
+properties in accumulo-site.xml which can limit the accepted ciphers/protocols. By default,
insecure or out-dated
+protocols have been removed from the default set in order to protect users by default.
+
 
 ## Documentation
 
@@ -160,11 +172,11 @@ and, in HDFS High-Availability instances
   </tr>
   <tr>
     <td>CentOS 6</td>
-    <td>Keith TBD</td>
+    <td><strong>Keith TBD<strong></td>
     <td>20</td>
-    <td>Keith TBD</td>
+    <td><strong>Keith TBD<strong></td>
     <td>No</td>
-    <td>(Keith Verify this) ContinuousIngest w/ verification w/ and w/o agitation (31B
and 21B entries, respectively)</td>
+    <td><strong>Keith Verify this<strong> ContinuousIngest w/ verification
w/ and w/o agitation (31B and 21B entries, respectively)</td>
   </tr>
 </table>
 
@@ -183,4 +195,7 @@ and, in HDFS High-Availability instances
 [12]: https://issues.apache.org/jira/browse/ACCUMULO-3233
 [13]: https://issues.apache.org/jira/browse/ACCUMULO-3351
 [14]: https://issues.apache.org/jira/browse/ACCUMULO-3462
-[15]: https://issues.apache.org/jira/browse/ACCUMULO-3230
\ No newline at end of file
+[15]: https://issues.apache.org/jira/browse/ACCUMULO-3230
+[16]: https://issues.apache.org/jira/browse/ACCUMULO-3297
+[17]: http://en.wikipedia.org/wiki/POODLE
+[18]: https://issues.apache.org/jira/browse/ACCUMULO-3316
\ No newline at end of file



Mime
View raw message