Skip to content

v0.30 : Security and bug fixes
Compare
Choose a tag to compare
@olevitt olevitt released this 07 Sep 19:41
v0.30
57cfa20
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Security notice

This release fixes a security flaw that allowed privilege escalation (if running with authenticationMode=ADMIN) for authenticated users through helm injection.
Please upgrade ASAP (either by using helm chart release 4.0.1+ or by explicitly setting Onyxia API version to v0.30+ in your values file. If using helm chart 4.0.1+, please make sure to read breaking changes introduced in 4.0.0)

What's Changed

  • Construct service urls from all ingress types (K8S ingress, Istio VirtualService, OpenShift Route) by @johnksv in #244
  • Fix onboarding single namespace and improve response http codes for exceptions by @johnksv in #245
  • Prevent crash when failing to parse manifest by @olevitt in #247
  • Hide not shared services by @olevitt in #249
  • Fix : prevent invalid helm names by @olevitt in #250

Full Changelog: v0.29...v0.30

Contributors

olevitt and johnksv
Assets 2
Loading