Author: elserj
Date: Mon Feb 16 22:31:30 2015
New Revision: 1660234
URL: http://svn.apache.org/r1660234
Log:
Added POODLE and filemanager semaphore changes
Modified:
accumulo/site/trunk/content/release_notes/1.6.2.mdtext
Modified: accumulo/site/trunk/content/release_notes/1.6.2.mdtext
URL:
http://svn.apache.org/viewvc/accumulo/site/trunk/content/release_notes/1.6.2.mdtext?rev=1660234&r1=1660233&r2=1660234&view=diff
==============================================================================
--- accumulo/site/trunk/content/release_notes/1.6.2.mdtext (original)
+++ accumulo/site/trunk/content/release_notes/1.6.2.mdtext Mon Feb 16 22:31:30
2015
@@ -121,15 +121,27 @@ submission operates as previously.
## Performance Improvements
-Apache Accumulo 1.6.2 includes a number of performance-related fixes over
previous versions.
+### User scans can block root and metadata table scans
-### Improvement 1
+The TabletServer provides a feature to limit the number of open files as a
resource management configuration.
+To perform a scan against a normal table, the metadata and root table, when
not cached, need to be consulted
+first. With a sufficient number of concurrent scans against normal tables,
adding to the open file count,
+scans against the metadata and root tables could be blocked from running
because no files can be opened.
+This prevents other system operations from happening as expected.
[ACCUMULO-3297][16] fixes the internal semaphore
+used to implement this resource management to ensure that root and metadata
table scans can proceed.
-### Improvement 2
## Other improvements
-### Improvement 1
+### Limit available ciphers for SSL/TLS
+
+Since Apache Accumulo 1.5.2 and 1.6.1, the [POODLE][17] man-in-the-middle
attack was found which exploits a client's
+ability to fallback to the SSLv3.0 protocol. The main mitigation strategy was
to prevent the use of old ciphers/protocols
+when using SSL connectors. In Accumulo, both the Apache Thrift RPC servers and
Jetty server for the Accumulo
+monitor have the ability to enable SSL. [ACCUMULO-3316][18] is the parent
issue which provides new configuration
+properties in accumulo-site.xml which can limit the accepted
ciphers/protocols. By default, insecure or out-dated
+protocols have been removed from the default set in order to protect users by
default.
+
## Documentation
@@ -160,11 +172,11 @@ and, in HDFS High-Availability instances
</tr>
<tr>
<td>CentOS 6</td>
- <td>Keith TBD</td>
+ <td><strong>Keith TBD<strong></td>
<td>20</td>
- <td>Keith TBD</td>
+ <td><strong>Keith TBD<strong></td>
<td>No</td>
- <td>(Keith Verify this) ContinuousIngest w/ verification w/ and w/o
agitation (31B and 21B entries, respectively)</td>
+ <td><strong>Keith Verify this<strong> ContinuousIngest w/ verification w/
and w/o agitation (31B and 21B entries, respectively)</td>
</tr>
</table>
@@ -183,4 +195,7 @@ and, in HDFS High-Availability instances
[12]: https://issues.apache.org/jira/browse/ACCUMULO-3233
[13]: https://issues.apache.org/jira/browse/ACCUMULO-3351
[14]: https://issues.apache.org/jira/browse/ACCUMULO-3462
-[15]: https://issues.apache.org/jira/browse/ACCUMULO-3230
\ No newline at end of file
+[15]: https://issues.apache.org/jira/browse/ACCUMULO-3230
+[16]: https://issues.apache.org/jira/browse/ACCUMULO-3297
+[17]: http://en.wikipedia.org/wiki/POODLE
+[18]: https://issues.apache.org/jira/browse/ACCUMULO-3316
\ No newline at end of file
