v7.24.3-rc.0

Changelog

• d70b7ed Bump versions for v7.24.3-rc.0 release candidate
• fc4ea00 Install multiuser plugin from osg-testing repo to get segfault patch
• d3479b1 Patch PR #3217: Bump xrdcl-pelican to v1.6.2 to fix instantaneous rate timeout bug in Caches
• 96ef764 Patch PR #3312: Restore sssd installation in Origin image

v7.25.0-rc.2

See what gets patched into this RC in #3354

v7.25.0-experimental.11

Changelog

• 9472596 Add ADIOS configuration parameters
• 2485d34 Add ADIOS origin export validator
• 56462ae Add storage.create scope to TestCLIAsyncGet token
• 7189a13 Check w.Write return values in ADIOS integration tests
• db58504 Define ADIOS storage type constant
• 110e16c Do not use an external container image layer cache
• 89f1bda Fix syntax error due to a cherry-pick
• 91bf51f Implement ADIOS WebDAV backend
• 7f3c2d6 Replaces the the service URL with the proper probe URL
• 457633e Tighten auth
• f53f44a Update directory listing title assertions to match actual output
• 656ec0f Update test
• d0dce7e Update tests
• db51c0f Update version to 7.25.0-experimental.10
• ff1c1f3 Update version to v7.25.0-experimental.9
• f08642e Updated version number in web-ui and goreleaser
• b1db579 Updated version to match tag
• 481b401 Wire ADIOS backend into origin server
• 92ae6ba fix: update goreleaser config for v2.5.1-pro API compatibility

v7.25.0-rc.1

This patch RC resolves a known vulnerability. It also installs the multiuser plugin from osg-testing repo to fix segfault.

v7.24.2

This patch release resolves a known vulnerability.

v7.23.3

This patch release resolves a known vulnerability.

v7.22.3

This patch release resolves a known vulnerability.

v7.21.5

This patch release resolves a known vulnerability.

v7.24.0

Pelican v7.24.0

This release introduces a substantial set of new features requested by users and server administrators, with development accelerated through AI-assisted engineering workflows.

Breaking Changes & Upgrade Notes for Admins

• [Cache/Origin]: Caches and Origins have a new dependency requirement on xrdhttp-pelican >= v0.0.10

New Features and Enhancements

• [Client]: Made significant updates to error classifications in Clients to provide users with more actionable/intelligible errors in #3089
• [Client]: Introduced a Client API Server for Pelican that exposes Client functionality through a RESTful API over Unix domain sockets, enabling programmatic access to Pelican transfer capabilities without directly invoking the CLI in #2780
• [Client]: Improved performance of the Client's object prestage command when using Caches that support the pre-stage API in #3014
• [Client]: Introduced a --dry-run option for the Client's object commands that lets users preview what actions the Client will take before moving data in #2865
• [Servers]: Added CLI tooling to create API keys for interacting with Pelican servers in #2958
• [Director]: Made discrepancies between federation metadata hosted at the Discovery URL and federation Directors more obvious and less prone to drift in #3009 and #3008
• [Servers]: Added the ability for Pelican servers to analyze/report on various storage metrics, including disk consumption by Origin exports and health monitoring for service log files in #2957 and #2967
• [Cache/Origin]: Added support for PKCS#11 to protect TLS credentials from unanticipated XRootD security vulnerabilities in #2948, #3055, and #3072
• [Cache/Origin]: Caches and Origins now check for installation of a minimum required XRootD version on startup and cause an error if no such version is found in #3092

Bugs Fixed

• [Client]: Fixed a progress bar bug that caused degraded performance with recursive Client actions (e.g. pelican object get --recursive) on namespaces containing ~100k+ objects in #2975
• [Client]: Made it more explicit in Client checksum operations when a checksum type other than what was requested is returned by a server in #2847
• [Director]: Fixed a bug that prevented the Director from logging errors or recording failure metrics when some Cache Director tests failed in #3099

Full Changelog: v7.23.0...v7.24.0

v7.25.0-rc.0

Pelican v7.25.0-rc.0

This release introduces a new SSH-based origin backend, an embedded OAuth2 issuer, rclone support, and a broad set of improvements to the client, UI, director reliability, and federation operations.

Breaking Changes & Upgrade Notes for Admins

• [Origin]: POSIX origins now validate filesystem permissions against namespace capabilities at startup in #2881
• [Origin]: Added POSC bypass filter for monitoring paths in #3297
• [Servers]: Added periodic SQLite database backups with compression and encryption in #3154

New Features and Enhancements

• [Origin]: Added an embedded OAuth2 issuer in #3151
• [Origin]: Added a new SSH-based origin backend in #3077
• [Origin]: Added support for configuring rclone as an origin storage backend in #3085
• [Origin]: Third-party copies are now enabled in origins out-of-the-box in #3148
• [Origin]: Added XRootD-style monitoring packets for the POSIXv2-style origin in #3235
• [Origin]: Integrated the N2N plugin to automatically map FederationPrefix to StoragePrefix for XRootD storage backends in #3111
• [Servers]: Added a web read-only mode Server.WebReadOnly to restrict mutating operations via the web UI in #3205
• [Client]: Improved object ls output with sorted entries, terminal-aware column formatting, and clear directory distinction in #3250
• [Client]: Added client-side modifications to support the local cache in #3175
• [Director]: Director redirect information is now probabilistically added to plugin output class ads in #3177
• [Registry]: Displayed registration type explicitly in Registry’s WebUI in #3218
• [Origin/Cache]: Presented the registered server name provided in Origin and Cache’ WebUI #3220
• [All]: Added a CLI documentation generator in #2562

Bugs Fixed

• [Client]: The client now accurately reports when a token is not sent in #3223
• [Client]: Preserved PreferredCaches ordering against responsiveness-based reordering in sortAttempts in #3253
• [Client]: Fixed token discovery logic in #2846
• [Client]: Fixed checksum verification for mismatched algorithm types in #3174
• [Client]: Fixed isProxyEnabled() in #3224
• [Director]: Fixed HA Director request forwarding for federations with 3 or more Directors in #3189
• [Director]: Made TTLCache key selection consistent in Director stat utilities in #3171
• [Director]: The Director no longer stats more caches than it intends to provide for sorting in #3179
• [Cache]: Caches now always use the federation host for the metadata discovery endpoint in #3268
• [Cache]: Disabled client x509 by default, as most CAs will no longer issue certificates with both client/server auth in the EKU #3202
• [Cache/Origin]: Fixed an integer conversion bug in XRootD metrics in #3213
• [Origin]: Fixed Globus origin to correctly handle non-existent directories in #3186, #145
• [Origin]: Throw an error when a Globus origin is configured with multiple exports in #3170
• [Origin]: Globus origins now require Server.EnableUI = true to perform OAuth flow in #3144
• [Origin]: Hardened the POSC plugin to prevent startup across filesystem boundaries in #3269
• [Origin]: Fixed missing Origin disk usage calculation defaults in #3232
• [Origin]: StoragePrefix and FederationPrefix are no longer validated the same way in #3267
• [Servers]: Configuration values marked as hidden are now hidden in the config editor in #3222
• [Servers]: Fixed a race condition in the IsSet and Unmarshal parameter functions in #3260
• [Servers]: Added missing defaults for storage health consumption parameters in #3241
• [Servers]: Downtime scheduling now prevents an end time before the start time in #3243
• [Servers]: Updated credential password messages to be less alarming in #3161
• [Servers]: Pelican no longer ships pelican-server Debian packages, as the required xrootd version isn't available there #3236

New Contributors

• @Macman1234 made their first contribution in #3098

Full Changelog: v7.24.0-rc.5...v7.25.0-rc.0