This release includes 1 security fix for security teams reviewing exposed deployments.
ReleasePort's take
Light signal: MooseFS 4.59.1 fixes an out-of-bounds memory read in chunkserver and patches multiple security issues identified in a pwno.io audit. Performance improvements reduce I/O overhead under load.
Why it matters: Patch to address out-of-bounds memory vulnerability and pwno.io audit findings. Performance improvements in I/O handling warrant testing before production rollout. Deploy after dev validation.
Summary
AI summary: Fixed a potential out-of-bounds memory read in chunkserver.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Security | Medium | Fixed a potential out-of-bounds memory read in chunkserver processing unexpected input data. (Source: llm_adapter@2026-05-21, Confidence: low) | — |
| Security | Medium | Addressed multiple security issues identified by pwno.io, enhancing system hardening and reliability. (Source: llm_adapter@2026-05-21, Confidence: low) | — |
| Feature | Medium | Updated license handling for compatibility with upcoming MooseFS 5 migrations. (Source: llm_adapter@2026-05-21, Confidence: high) | — |
| Performance | Medium | Removed overly aggressive fadvise calls to reduce I/O overhead and improve stability under load. (Source: llm_adapter@2026-05-21, Confidence: high) | — |
Full changelog
MooseFS 4.59.1 Release Notes
MooseFS 4.59.1 is a maintenance release that addresses specific issues in chunkserver memory handling, adjusts I/O advisory behavior, and updates license compatibility to support upcoming MooseFS 5 migrations.
Chunkserver
- Fixed a potential out-of-bounds (OOB) memory read
  This issue could occur when processing unexpected or malformed input data. The fix strengthens chunkserver robustness and reduces the risk of unsafe memory access.
- Removed overly aggressive `fadvise` calls
  Earlier versions issued frequent advisory calls to the kernel, which in some workloads introduced overhead without measurable benefit. The current behavior keeps only those hints that showed value during testing, resulting in more stable I/O patterns under load.
All Components
- Security and stability improvements
  Addressed multiple issues identified during internal review and external security research conducted by pwno.io.
  These fixes improve overall system hardening and reliability without requiring configuration or operational changes.
- Updated license handling for MooseFS 5 compatibility
  This allows licenses to be updated before upgrading the system version, simplifying migration to MooseFS 5 and avoiding combined license-and-version upgrade steps.
Upgrade Recommendation
Upgrading to MooseFS 4.59.1 is recommended to receive security-related fixes, updated license handling, and refined chunkserver behavior.
Security Fixes
- Addressed multiple security issues identified by pwno.io, improving system hardening and reliability.
About MooseFS
MooseFS Distributed Storage – Open Source, Petabyte, Fault-Tolerant, Highly Performing, Scalable Network Distributed File System / Software-Defined Storage