On 10/13/23 12:22, Taras Shapovalov wrote:
Oh, does this mean that no one should use Slurm versions <= 21.08 any more?
SchedMD recommends to use the currently supported versions (currently 22.05 or 23.02). Next month 23.11 will be released and 22.05 will become unsupported.
The question for sites is whether they can accept running software that contains known security holes? That goes for Slurm as well as all other software such as the Linux kernel etc. etc. We don't yet know the CVE score for CVE-2023-41914, but SchedMD's description of the fixes sounds pretty serious.
IMHO, your organization's IT security policy should be consulted in order to answer your question.
/Ole
