Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ingress incompatible with the new version of NGINX ingress controller #246

Closed
pierluigilenoci opened this issue Nov 17, 2021 · 3 comments · Fixed by #257
Closed

Ingress incompatible with the new version of NGINX ingress controller #246

pierluigilenoci opened this issue Nov 17, 2021 · 3 comments · Fixed by #257
Assignees
@virtualroot
Labels
type:maintenance 🔧 Improvements to tooling, testing, deployments, infrastructure, code style.

Comments

@pierluigilenoci
Copy link

The rasa-x ingress does not work with the new NGINX Ingress controller v1.0.5 release due to a new security feature introduced for a really serious security issue.

This new sanitization process blocks all inputs that contain prohibited keywords including curly brackets or backslashes.

Problematic snippet example:

rasa-x-helm/charts/rasa-x/templates/rasa-x-ingress.yaml

Lines 30 to 32 in 1122517

if ($request_uri ~ ^/robots.txt$) {
return 200 "User-agent: *\nDisallow: /\n";
}

@sara-tagger
Copy link

Thanks for the issue, @JustinaPetr will get back to you about it soon!

You may find help in the docs and the forum, too 🤗

@tczekajlo tczekajlo removed their assignment Nov 22, 2021
@RASADSA RASADSA added the type:maintenance 🔧 Improvements to tooling, testing, deployments, infrastructure, code style. label Nov 30, 2021
@virtualroot virtualroot self-assigned this Jan 3, 2022
@pierluigilenoci
Copy link
Author

pierluigilenoci commented Jan 5, 2022
edited
Loading

@tczekajlo @RASADSA @JustinaPetr @virtualroot any news about this?

virtualroot pushed a commit that referenced this issue Jan 10, 2022
Remove robots.txt from annotation
63b1fce 
Fix #246 and tackles CVE-2021-25742
@virtualroot virtualroot mentioned this issue Jan 10, 2022
Merged
virtualroot pushed a commit that referenced this issue Jan 10, 2022
Remove robots.txt from annotation
9133afa 
Fix #246 and tackles CVE-2021-25742
tczekajlo pushed a commit that referenced this issue Jan 10, 2022
@virtualroot
refactor: Remove robots.txt from annotation (#257)
5d57fc9 
* Remove robots.txt from annotation

Fix #246 and tackles CVE-2021-25742

* Bump chart
@virtualroot
Copy link
Contributor

@pierluigilenoci We took out the annotation in v3.1.0.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@virtualroot virtualroot

Labels
type:maintenance 🔧 Improvements to tooling, testing, deployments, infrastructure, code style.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Remove robots.txt from annotation RasaHQ/rasa-x-helm
5 participants
@virtualroot @tczekajlo @pierluigilenoci @sara-tagger @RASADSA