Changes

For users with BypassGovernanceRetention permission, the S3 protocol allows the removal of Governance object locks from objects by putting a lock with empty parameters (i.e. neither lock mode nor retention specified). Gateway versions prior to 7.10.7 did not recognize this as a lock removal request and instead considered the request invalid. As of version 7.10.7, the Gateway correctly removes the object lock from the object. (CLOUD-3861)

Upgrade Impacts

See Upgrading Gateway, to upgrade from a version of Gateway 6 or 7. See Upgrading from Gateway 5.x, if migrating from Elasticsearch 2.3.3 and Gateway 5.

Starting with Gateway 7.8, Elasticsearch 6.8.6 is no longer supported. Remain on Gateway 7.7 until the rolling upgrade from Elasticsearch 6.8.6 to 7.5.2 is completed.

Address the upgrade impacts for this and each prior version since the currently running version:

See Content Gateway 6.4 Release for impacts from prior releases.

Watch Items and Issues

These are known operational limitations that exist for Gateway.

• When using the default RHEL/CentOS configuration of IPTABLES, traffic to the Gateway will be blocked unless action is taken to disable IPTABLES or to enable inbound traffic to the front-end protocol port(s).

• Gateway is not compatible with Linux PAM modules that depend on interactive validation operations such as OTP or biometric scanners.

• Gateway SCSP and Portal do not allow a bucket with object locking to be deleted, even if it is empty. It must be deleted by an S3 client, e.g., using "rclone purge" to delete all objects and versions. (CLOUD-3516)

See for known issues from prior releases that are still applicable, apart from those appearing above as fixed.