Opencast: Upgrade to version 14
Improvements:
- Paella Player 7 as default player
- several bugfixes
- all Release Notes
Temporary Deactivation of User Namespaces
Update 08.02.24:
We have installed a bugfix release for the affected software component and enabled user namespaces again.
Dear users,
due to an open security issue we are required to disable the feature of so-called user namespaces on the cluster. This feature is mainly used by containerization software and affects the way apptainer containers will behave. The changes are effective immediately. Most users should not experience any interruptions. If you experience any problems, please contact us as usual via servicedesk@itc.rwth-aachen.de with a precise description of the features you are using. We will reactivate user namespaces as soon as we can install the necessary fixes for the aforementioned vulnerability.
Release Notes Version 2.10.0 – Support of different time zones
Features:
- Support for time zones in time displays has been introduced
- A message is now displayed if no Moodle courses are available
Improvements and bug fixes:
- Overlay button behavior has been improved
- Various bug fixes
Terrapin Attack Counter Measures (SSH)
A recently discovered flaw in the implementation of the Secure Shell (SSH) protocol lead to an attack vector called “Terrapin Attack” enables an attacker to break the integrity of the “secure shell” connection in order weaken the overall security. TL;DR To implement an effective counter measure against the attack, we have disabled the affected methods in the HPC cluster’s SSH configuration. Consequently, these methods cannot be used until further notice:
- Ciphers: ChaCha20-Poly1305
- MACs: Any etm method (e.g. hmac-sha2-512-etm@openssh.com)
Please adapt your configuration accordingly if your configuration is relying on the methods mentioned above.
The attack is only feasible when a using either the ChaCha20-Poly1305 Cipher or a combination of a Cipher Block Chaining (CBC) cipher (or, in theory, a Counter Mode (CTR) cipher) combined with an encrypt then MAC (etm) message authentication code (MAC) method and the attacker has the ability to act as a man-in-the-middle. (Example: A security suite on your client machine may perform a deep packet inspection (per definition a (hopefully “good”) man-in-the-middle) to protect you from other threats.)
The Galois Counter Mode (GCM) AES ciphers are not affected.
We encourage you to employ strong encryption ciphers such as aes256-gcm@openssh.com and a sufficiently strong MAC method (e.g. hmac-sha2-256 or hmac-sha2-512) immune to the attack vector.
Note:
Due to a bug in the Windows OpenSSH client employing the umac-128@openssh.com MAC as default, we disabled the problematic method in the SSH server configuration as well to minimize issues when connecting to the HPC cluster. Until further notice, only hmac-sha2-512 and hmac-sha2-256 can be employed as MAC. Please adapt your configuration accordingly, if required, e.g.:
Ciphers aes256-gcm@openssh.com,aes256-ctr MACs hmac-sha2-512,hmac-sha2-256
You can track any disruptions or security advisories that may occur due to the aforementioned change in the Email category on our status reporting portal.
Added Wildcards to the Search. Added DECT Numbers to UKAcontacts
Apart from adding wildcards to the people search, the display of internal DECT numbers of the university clinic has been finalized. These can be displayed for and by university clinic organizations.
Multi-Factor Authentication Mandatory starting 15 January 2024
We will introduce a mandatory MFA only access to the HPC cluster on the 15 January 2024.
From that day on, logins to *any* login nodes will only be possible with MFA.
If not done yet, please follow this step-by-step guide to configure your MFA token in the RegApp:
https://help.itc.rwth-aachen.de/service/rhr4fjjutttf/article/475152f6390f448fa0904d02280d292d/
We will also offer three dates for a brief introduction:
* Friday, 12. January 2024 ► 13:00 – 13:45: https://blog.rwth-aachen.de/itc-events/en/event/using-multi-factor-authorization-for-claix/
* Monday, 15. January 2024 ► 15:30 – 16:15: https://blog.rwth-aachen.de/itc-events/en/event/using-multi-factor-authorization-for-claix-2/
* Monday, 22. January 2024 ► 10:00 – 10:45: https://blog.rwth-aachen.de/itc-events/en/event/using-multi-factor-authorization-for-claix-3/
Furthermore, you can use the monthly HPC consultation hours for any further questions:
For more background information about HPC & 2FA, please read our blog entry:
Please contact servicedesk@itc.rwth-aachen.de for any further questions.
Release Notes Version 2.9.0 – Introduction of favorites icons for rooms
Features:
- Favorite icons for new areas in the “rooms” menu have been introduced
Improvements and bug fixes:
- Note regarding problems with the Android System WebView: some users experienced problems because it was too old. In these cases, a corresponding message now appears when the app is started.
- Several minor bug fixes
OS Upgraded to Rocky 8.9
During the last cluster maintenance, the OS of the HPC cluster was upgraded to Rocky Linux 8.9 due to the EOL of Rocky 8.8 to ensure continous update support for the systems.
The upgrade provides a modernized system base and security enhancements. The user view, usage and the expectable performance of the cluster remain unchanged.
You can track any disruptions or security advisories that may occur due to the aforementioned change in the Email category on our status reporting portal.
Release Notes Version 2.8.0
Improvements and bug fixes:
- It was not possible to click on “show directions” in the calendar details. This has now been fixed.
- The behavior of the learning room search and learning room map has been improved
- Copying of text and links has been improved
RWTHcontacts Expanded Person Search
The person search has been expanded in RWTHcontacts: Several pieces of information about a person are displayed together. The person directory has received a UI update and has been adapted to the design of RWTHcontacts.
