Releases: InseeFrLab/onyxia-api
v4.2.0
This release contains multiple fixes for security issues related to helm command injection.
Those fixes have been backported to previous Onyxia-API major versions
Read more here : https://docs.onyxia.sh/vulnerability-disclosure
Security ⚠️
- Sanitize helm names and namespace (#542) @olevitt
- Fix arbitrary Helm list parameter injection in GET /my-lab/app (#540) @nicolst
- Fix command injection vulnerability in HelmInstallService (#539) @nicolst
Changes
- Allow JMX debug (#536) @olevitt
- Further options for filtering catalog services (#532) @mmwinther
- Add username to logs (#526) @olevitt
🐎 Performance
📦 Dependencies
Contributors
Assets 2
v3.1.1
This release contains multiple fixes for security issues related to helm command injection.
This is a backport of those fixes.
Read more here : https://docs.onyxia.sh/vulnerability-disclosure
Users are strongly encouraged to use this version instead of v3.1.0 (this can be done by overriding api.image.tag in your helm values) or upgrade to more recent Onyxia releases.
v2.8.2
This release contains multiple fixes for security issues related to helm command injection.
This is a backport of those fixes.
Read more here : https://docs.onyxia.sh/vulnerability-disclosure
Users are strongly encouraged to use this version instead of v2.8.1 (this can be done by overriding api.image.tag in your helm values) or upgrade to more recent Onyxia releases.
v4.1.0
Changes
- Filter catalog services based on keywords (#520) @mmwinther
- Implement refresh endpoint (as an admin endpoint) (#522) @skykanin
- Add script to install helm for dynamic OS and ARCH (#521) @ZettWire
- Add support for structured (json) logging (#523) @olevitt
🪲 Fixes
📚 Documentation
- Cleanup : remove unused region geo location (#524) @olevitt
- Add roles claim documentation (#515) @olevitt
📦 Dependencies
- Upgrade spring-boot to 3.4 (#523) @olevitt
- Bump helm version to v3.16.3 (#530) @olevitt
- fix(deps): update dependency org.springdoc:springdoc-openapi-starter-webmvc-ui to v2.7.0 (#529) @renovate
- chore(deps): update crazy-max/ghaction-docker-meta action to v5.6.1 (#528) @renovate
- chore(deps): update eclipse-temurin docker tag to v21.0.5_11-jre (#527) @renovate
Contributors
Assets 2
v4.0.0
v3.1.0
🚀 Features
🪲 Fixes
- Fix errors ready replicas (#505) @olevitt
- Ignore SSE errors (#509) @olevitt
- Fix helm install actions (#510) @olevitt
Changes
- Implement problem details (#504) @olevitt
- Remove unused key from regions.json: initScript (#507) @mickaelbaron
- Add new startupProbe.json IDE schema (#494) @Gaspi
📦 Dependencies
Contributors
Assets 2
v3.0.0
🚀 Features
- Add support for specifying timeout in catalogs (#481) @johnksv
- Use JSON schema for configuration (#455) @olevitt
Changes
-
Create proxy.json (#493) @ihiverlet
-
Create role-spark.json (#491) @ihiverlet
📚 Documentation
- delete unused properties from documentation (#492) @ihiverlet
📦 Dependencies
- fix(deps): update dependency com.github.erosb:everit-json-schema to v1.14.4 (#482) @renovate
- chore(deps): update fabric8-kubernetes-client monorepo to v6.13.3 (#474) @renovate
- fix(deps): update dependency org.springframework.boot:spring-boot-starter-parent to v3.3.3 - autoclosed (#475) @renovate
- fix(deps): update dependency org.apache.commons:commons-compress to v1.27.1 (#473) @renovate
- fix(deps): update dependency org.apache.commons:commons-lang3 to v3.17.0 (#472) @renovate
Contributors
Assets 2
v2.8.1
🪲 Fixes
Changes
📦 Dependencies
Contributors
Assets 2
v2.8.0
🚀 Features
- openshift scc support (#459) @fcomte
- Return the list of controllers to better determine service's health (#428) @fcomte
- Quotas : add ignore annotation (#465) @olevitt
- Add values.yaml to help discover default values. (#458) @fcomte
Changes
- Add friendly name in events when installing a service (#454) @ihiverlet
- Cleanup unused logic (#456) @olevitt
- Preserve order of categories from values.schema.json (#451) @olevitt
🪲 Fixes
📚 Documentation
📦 Dependencies
- fix(deps): update dependency org.apache.commons:commons-compress to v1.26.2 (#462) @renovate
- fix(deps): update dependency org.apache.commons:commons-compress to v1.26.0 [security] (#394) @renovate
- Bump helm to v3.15.3 (#461) @olevitt
- Bump helm to v3.15.2 (#449) @olevitt
- fix(deps): update dependency org.apache.commons:commons-lang3 to v3.15.0 (#460) @renovate
- chore(deps): update fabric8-kubernetes-client monorepo to v6.13.1 (#439) @renovate
- fix(deps): update dependency org.springdoc:springdoc-openapi-starter-webmvc-ui to v2.6.0 (#450) @renovate
