If you don’t want the story, skip to the details.
tl;dr
This quarter’s release brings post-quantum full disk encryption (using hybrid RSA/ML-KEM) and automated cluster-wide SSH key management, fundamentally strengthening our security posture while eliminating tedious manual operations. The Glasshouse Web UI now handles cluster-wide configurations and UEFI boot management, plus we’ve patched over 70 CVEs and fixed critical issues, including CVE-2024-13058, making this update a significant leap forward in both security and usability.
The quantum frontier: Not just for physics majors anymore
The headline feature of this quarter’s release is our implementation of post-quantum full disk encryption. While we’re not suggesting that quantum computers are about to crack your existing encryption tomorrow, we believe in the “why not now?” approach to security. Our hybrid RSA and ML-KEM implementation ensures you’re protected against both current and future threats, all while maintaining practical usability through YubiKey 5-series hardware token support.
Think of it as installing a lock that’s both pick-resistant today and zombie-proof for the apocalypse – it’s about being prepared without sacrificing convenience.
Death to manual SSH key management
If you’ve ever found yourself playing “copy-paste symphony” with SSH keys across your cluster, we have some good news. Admin group “0” users can now synchronize their SSH keys automatically across the entire cluster. It’s like having a really efficient personal assistant who happens to specialize in public key infrastructure.
The UI revolution continues
The Glasshouse Web UI continues its evolution from “functional” to “actually pleasant to use.” Now, you can manage cluster-wide configurations, including cluster names, SSH keys, and dashboard network settings, all from one place. We’ve also added UEFI boot configuration for VMs – because sometimes pointing and clicking is nicer than editing config files.
Bug fixes: Because security never sleeps
We’ve tackled a significant security issue (CVE-2024-13058) that could allow non-admin authenticated users to create data pools. Consider this our reminder that with great power comes great responsibility – and proper access controls.
The storage subsystem’s auto scaler and balancer have been fixed to work with non-default storage classes, making your storage as flexible as it should have been from the start. We’ve also resolved some amusing mcelog confusion that had our AMD processors wondering why they were being treated like Intel chips.
VM Squared: Now with more accountability
For those running VM Squared, all shell commands now get logged to syslog. It’s like having security cameras in your virtual infrastructure – except instead of catching who ate the last donut, you’re tracking who spawned that resource-hungry VM.
Under the hood
We’ve patched an impressive array of CVEs – over 70 of them, in fact. While listing them all would make this post longer than a blockchain transaction history, rest assured that your security posture is significantly improved.
What’s next?
While we can’t predict the future (quantum or otherwise), we’re continuing our mission to make infrastructure management both more secure and more enjoyable. Our firmware updates across ARM UEFI, X86 UEFI, and BMC platforms ensure you’re running on the latest stable foundation.
Remember, this isn’t just a software update – it’s our ongoing commitment to keeping your infrastructure ahead of the curve, whether that curve involves quantum computers, security threats, or just the daily challenges of cluster management.
For the complete technical details, check out our release notes. And as always, we’re here to help if you need assistance with the upgrade process.
Stay quantum-ready, friends.
The SoftIron Team