Release 2021_040 (2021-12-16)¶

Impact¶

[NixOS 21.05] Postgresql, Elasticsearch and Grafana will be restarted.
[NixOS 21.05] Jitsi will be restarted and running conferences will be interrupted for some seconds.
[NixOS 20.09] Elasticsearch will be restarted.

[hotfix] graylog: update to 3.3.15 which contains the log4j2 fix for CVE-2021-44228. Systems using Graylog are already protected by the "-Dlog4j2.formatMsgNoLookups=true" setting we have rolled out (#PL-130250).
Improve backup restore utilities to allow restore operations while backups are running (#PL-129786).
Improve backup restore utilities memory usage to allow single file restore working on extremely large multi-terabyte volumes (#PL-130044).
Jitsi: update package versions to latest stable release and tune video stream settings to improve quality and stability. Add an option to activate the pre-join page which allows users to check their audio/video and change settings before the conference starts (#PL-130249).
Elasticsearch: fix log4j2 CVE-2021-44228 by setting -Dlog4j2.formatMsgNoLookups=true. Without this, Elasticsearch is susceptible to a minor information leak about the system environment. Remote code execution was never possible via Elasticsearch (#PL-130251).
Pull upstream NixOS changes that include security fixes and other updates (#PL-130255):
- nss: 3.64 -> 3.68.1
- nss_latest: 3.71 -> 3.73
- nspr: 4.30 -> 4.32
- strace: 5.14 -> 5.15
- grafana: 7.5.11 -> 7.5.12 (CVE-2021-43813)
Production channel URL for this release: https://hydra.flyingcircus.io/build/121678/download/1/nixexprs.tar.xz

Elasticsearch: fix log4j2 CVE-2021-44228 by setting -Dlog4j2.formatMsgNoLookups=true. Without this, Elasticsearch is susceptible to a minor information leak about the system environment. Remote code execution was never possible via Elasticsearch (#PL-130251).
Production channel URL for this release: https://hydra.flyingcircus.io/build/121594/download/1/nixexprs.tar.xz