security: fix CVE-2024-42490 #11022
Merged
security: fix CVE-2024-42490 #11022
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
/cherry-pick version-2024.4 |
✅ Deploy Preview for authentik-storybook ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #11022 +/- ##
==========================================
- Coverage 92.70% 92.68% -0.02%
==========================================
Files 736 736
Lines 36360 36422 +62
==========================================
+ Hits 33706 33759 +53
- Misses 2654 2663 +9
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
gcp-cherry-pick-bot bot
pushed a commit
that referenced
this pull request
Aug 22, 2024
CVE-2024-42490 Signed-off-by: Jens Langhammer <jens@goauthentik.io>
|
/cherry-pick version-2024.6 |
gcp-cherry-pick-bot bot
pushed a commit
that referenced
this pull request
Aug 22, 2024
CVE-2024-42490 Signed-off-by: Jens Langhammer <jens@goauthentik.io>
BeryJu
added a commit
that referenced
this pull request
Aug 22, 2024
security: fix CVE-2024-42490 (#11022) CVE-2024-42490 Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
BeryJu
added a commit
that referenced
this pull request
Aug 22, 2024
security: fix CVE-2024-42490 (#11022) CVE-2024-42490 Signed-off-by: Jens Langhammer <jens@goauthentik.io> Co-authored-by: Jens L. <jens@goauthentik.io>
|
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ed9bcc52be188b95ae9aacaabffed6980c581d9b
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sFor arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-ed9bcc52be188b95ae9aacaabffed6980c581d9b-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)sAfterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ed9bcc52be188b95ae9aacaabffed6980c581d9bFor arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-ed9bcc52be188b95ae9aacaabffed6980c581d9b-arm64Afterwards, run the upgrade commands from the latest release notes. |
kensternberg-authentik
added a commit
that referenced
this pull request
Aug 22, 2024
* main: website/docs: cve release notes (#11026) security: fix CVE-2024-42490 (#11022) web: bump API Client version (#11021) providers/scim: optimize sending all members within a group (#9968) providers/scim: add API endpoint to sync single user (#8486) web: bump chromedriver from 127.0.3 to 128.0.0 in /tests/wdio (#11017) web: dual-select uses, part 2: dual-select harder (#9377) web: fix flash of unstructured content, add tests for it (#11013) core: bump drf-orjson-renderer from 1.7.2 to 1.7.3 (#11015) core: bump github.com/gorilla/sessions from 1.3.0 to 1.4.0 (#11002) website/docs: Correct the forward authentication configuration template for Caddy (#11012)
kensternberg-authentik
added a commit
that referenced
this pull request
Aug 23, 2024
* main: (165 commits) web/flows: update flow background (#11044) web: bump API Client version (#11043) website/integrations: Correct Discord avatar code and add warning. (#11031) core, web: update translations (#11032) website: bump docusaurus-theme-openapi-docs from 4.0.0 to 4.0.1 in /website (#11034) core: bump ruff from 0.6.1 to 0.6.2 (#11035) core: bump goauthentik.io/api/v3 from 3.2024063.12 to 3.2024063.13 (#11036) web: bump the babel group across 1 directory with 3 updates (#11038) web: bump wireit from 0.14.7 to 0.14.8 in /web (#11039) web: bump @goauthentik/api from 2024.6.3-1723921843 to 2024.6.3-1724337552 in /web/sfe (#11040) enterprise: add up-to-date license status (#11042) website/docs: cve release notes (#11026) security: fix CVE-2024-42490 (#11022) web: bump API Client version (#11021) providers/scim: optimize sending all members within a group (#9968) providers/scim: add API endpoint to sync single user (#8486) web: bump chromedriver from 127.0.3 to 128.0.0 in /tests/wdio (#11017) web: dual-select uses, part 2: dual-select harder (#9377) web: fix flash of unstructured content, add tests for it (#11013) core: bump drf-orjson-renderer from 1.7.2 to 1.7.3 (#11015) ...
kensternberg-authentik
added a commit
that referenced
this pull request
Aug 26, 2024
* web/element/ak-select-table: Provide unit test accessibility to Firefox and Safari; wrap calls to manipulate test DOMs directly in a browser.exec call so they run in the proper context and be await()ed properly web: finalize testing for tables web: added basic unit testing to API-free tables website/docs: cve release notes (#11026) security: fix CVE-2024-42490 (#11022) web: bump API Client version (#11021) providers/scim: optimize sending all members within a group (#9968) providers/scim: add API endpoint to sync single user (#8486) web: bump chromedriver from 127.0.3 to 128.0.0 in /tests/wdio (#11017) web: dual-select uses, part 2: dual-select harder (#9377) web: fix flash of unstructured content, add tests for it (#11013) core: bump drf-orjson-renderer from 1.7.2 to 1.7.3 (#11015) core: bump github.com/gorilla/sessions from 1.3.0 to 1.4.0 (#11002) web: interim commit of the basic sortable & selectable table. website/docs: Correct the forward authentication configuration template for Caddy (#11012) web: test for flash of unstructured content web: comment on state management in API layer, move file to point to correct component under test. web: fix Flash of Unstructured Content while SearchSelect is loading from the backend
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Details
Fix GHSA-qxqc-27pr-wgc8
Checklist
ak test authentik/)make lint-fix)If an API change has been made
make gen-build)If changes to the frontend have been made
make web)If applicable
make website)