Known issues

MTA version 6.2.0 has the following issues.

CVE-2023-44487: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw has been found in handling multiplexed streams in the HTTP/2 protocol. The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can be reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection, which resulted in a denial of service due to server resource consumption.

The following issues have been listed under this issue:

• (MTA-1428)

• (MTA-1430)

• (MTA-1448)

To resolve this issue, upgrade to {ProductShortName} 6.2.1 or later.

For more details, see CVE-2023-44487 (Rapid Reset Attack)

CVE-2023-39325: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack in the Go language packages)

The HTTP/2 protocol is susceptible to a denial of service attack because request cancellation can reset multiple streams quickly. The server has to set up and tear down the streams while not hitting any server-side limit for the maximum number of active streams per connection. This results in a denial of service due to server resource consumption.

The following issues have been listed under this issue:

• MTA-1429

• MTA-1482

• MTA-1447

To resolve this issue, upgrade to {ProductShortName} 6.2.1 or later.

For more information, see CVE-2023-39325 (Rapid Reset Attack in the Go language packages).

Re-enabling Keycloak breaks MTA

Keycloak is enabled by default. If you disable and then re-enable Keycloak, you cannot perform any actions in the MTA web console after logging in again.

This error is caused as the credential-mta-rhsso secret is updated when auth/Keycloak is disabled and re-enabled.

The suggested workaround is to restore the old password in the credential-mta-rhsso secret, after re-enabling auth. MTA-1152

Analysis fails when fetching rules from a repository with a folder that contains spaces in its name

When fetching custom rules from a repository during an analysis, if the Root path field contains spaces, the mta-cli command is not properly composed and the analysis fails. MTA-458

Update notifications are disabled for Application, Job functions, and Business services

Update notifications are disabled for Application, Job function and Business services, as a result, no notifications are displayed. MTA-1024

Repository type field is not required

The Repository type field is not required when saving the configuring rule files from a repository in analysis. MTA-1047

False 'not connected' status for new Jira instance

When creating a new Jira instance, the connection status is initially shown as Not connected before it moves to Connected, and this delay could cause the user to think that the provided credentials are incorrect. MTA-1019

For a complete list of all known issues in this release, see the list of Known Issues in Jira.