Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @

Preview 1.1.0

From EGIWiki
Jump to navigation Jump to search
The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

STORM 1.11.10

Description and released components

This release provides fixes and improvements for the several components.

It's HIGHLY RECOMMENDED to upgrade your installation to the version of StoRM WebDAV included in this release, that provides fixes for a security vulnerability affecting the Milton webdav library.

  • StoRM Backend v. 1.11.10: This release fixes an improper management of SURL status that can lead to PutDone errors and locked SURLs. It fixes also a minor issue related to the retrieved error message in case an expired token is used with srmAbort.
  • StoRM Info Provider v. 1.7.9: This release fixes a missing Glue2 field, not published on the BDII.
  • StoRM GridHTTPs v. 3.0.4: This release provides a fix for a security vulnerability and another minor bug fix on the returned error code when copy and move operation are done on equal source and destination.
  • StoRM WebDAV v. 1.0.4: This release provides a fix for a security vulnerability that was recently reported, and adds support for RFC-3230. It explains how to get checksum type and value of the stored resources. From this release, each HEAD and GET response will include a header like:
Digest: adler32=8a23d4f8

to be compliant with RFC-3230 specific.

Bug fixes

  • STOR-234 - Storm BE does not manage correctly abort requests of expired tokens
  • STOR-741 - WebDAV MOVE and COPY requests with source equal to destination fail with 412 instead of 403
  • STOR-835 - Improper management of SURL status can lead to PutDone errors and locked SURLs
  • STOR-837 - Missing GlueSAPath from Storage Areas BDII info


  • STOR-700 - Add support for RFC 3230 in StoRM WebDAV service

Security vulnerabilities

More information concerning the security vulnerabilities addressed by this release are going to be published when appropriate at this URL

Installation and configuration

Packages can be obtained from Preview repositories.

In general, to re-configure the services, follow the commands below.

  • First of all, reconfigure storm-info-provider:
/usr/libexec/storm-info-provider configure
  • Then, restart the involved services and the BDII:
service storm-backend-server restart
service storm-webdav restart
service bdii restart

Alternatively, you can simply run YAIM.

You can find more information about upgrade, clean installation and configuration of StoRM services in the System Administration Guide.

The instructions per component are below.

StoRM Backend v. 1.11.10

  • Update and restart package:
yum update storm-backend-server
service storm-backend-server restart

StoRM Info Provider v. 1.7.9

  • Update package:
yum update storm-dynamic-info-provider
  • Re-configure info provider:
/usr/libexec/storm-info-provider configure
  • Restart BDII service:
service bdii restart

Alternatively, you can simply run YAIM after the update.

StoRM GridHTTPs v. 3.0.4

  • Update and restart package:
yum update storm-gridhttps-server
service storm-gridhttps-server restart

StoRM WebDAV v. 1.0.4

  • Update and restart package:
yum update storm-webdav
service storm-webdav restart

Check the the StoRM WebDAV installation and configuration guide for detailed installation and configuration information.

VOMS Admin server 3.4.2


This release provides fixes to a couple of problems introduced in VOMS Admin 3.4.0, in particular:

  • The handling of group-scoped user requests was broken if the "Group-Manager" role was not defined for a VO
  • The sign-aup alias URL sent in user suspension notifications was broken

Authenticate users by certificate subject

Now users are correctly authenticated by certificate subject. With default settings, VOMS Admin authenticates clients by looking at the client certificate (subject,issuer) couple. A configuration flag was introduced in VOMS Admin 3.3.2 to authenticate only by certificate subject, but the fix worked only for VO administrators. This problem is now fixed.

For instruction on how to enable this feature, see the VOMS Admin 3.3.2 release notes.

Disable membership expiration notifications

Is now possible to disable membership expiration notifications. This kind of notification do not make sense in deployments, like at CERN, where a VO administrator cannot extend the lifetime of VO members.

To disable membership expiration notifications either:

  • reconfigure the affected VO with voms-configure specifying the --disable-membership-expiration-warnings option
  • set the voms.membership.disable_expiration_warning in /etc/voms-admin/<VO>/

A restart of the service is required.

Other improvements and fixes are listed below.

Bug fixes

  • VOMS-678 : VOMS Admin skip-ca check does not work as expected for unprivileged VOMS Admin users
  • VOMS-705 : Extend membership expiration time at each sync for VO members with valid, open-ended experiment participation
  • VOMS-706 : Add the ability to disable membership expiration notifications
  • VOMS-707 : Trim whitespace and remove newlines from subject in certificate requests
  • VOMS-710 : User requests cannot be approved if Group-Manager role is not defined
  • VOMS-711 : VOMS Admin sign-aup URL broken

Installation and configuration

Upgrade from VOMS Admin Server >= 3.4.0

Update the packages and restart the service.

Upgrade from VOMS Admin Server >= 3.2.0

A database upgrade and a reconfiguration (in this order) are required to upgrade to VOMS Admin server 3.4.2.

Upgrade from earlier VOMS Admin Server versions

First upgrade to VOMS Admin version 3.2.0 and then to 3.4.2. Clean install

Follow the instructions in the VOMS System Administrator Guide.

VOMS Server 2.0.13

Bug fixes

  • VOMS-700 : canonicalize_string doesn't unescape encoded characters correctly

Installation and configuration

A restart of the service is needed.

For clean and update installation instructions, follow the instructions in the VOMS System Administrator guide.

VOMS API Java 3.0.6

Targeted at Bouncycastle 1.46/CANL 1.3.x


This version of the Java APIs provide the following improvement and bug fixes:

  • SSLv3 is no longer used for legacy VOMS requests
  • The CertificateValidatorBuilder allows callers to select the hash function used to resolve trust anchors

Bug fixes

  • VOMS-653 : VOMS Java APIs select SSLv3 for legacy VOMS requests
  • VOMS-703 : CertificateValidatorBuilder should allow to configure whether is running in an OpenSSL 1.x or 0.9.x envinroment


From Maven central


From RPM package

  • For a clean install:
yum install voms-api-java3
  • For an update install:
yum update

VOMS API Java 3.1.0

This is the porting of VOMS API Java to CANL 2.1.x/Bouncycastle 1.50. The functionality is equivalent to VOMS API Java 3.0.6.


From Maven central


VOMS API Java 3.2.0

This is the porting of VOMS API Java to CANL 2.2.x/Bouncycastle 1.52. The functionality is equivalent to VOMS API Java 3.0.6.


From Maven central