Skip to content

v4.2.0

Latest
Latest
Compare
Choose a tag to compare
@github-actions github-actions released this 19 Dec 10:12
v4.2.0
bc9627a
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

This release contains multiple fixes for security issues related to helm command injection.
Those fixes have been backported to previous Onyxia-API major versions
Read more here : https://docs.onyxia.sh/vulnerability-disclosure

Security ⚠️

  • Sanitize helm names and namespace (#542) @olevitt
  • Fix arbitrary Helm list parameter injection in GET /my-lab/app (#540) @nicolst
  • Fix command injection vulnerability in HelmInstallService (#539) @nicolst

Changes

🐎 Performance

📦 Dependencies

  • Fabric8 k8s client : revert to OkHTTPClient (#535) @olevitt
  • fix(deps): update fabric8-kubernetes-client monorepo to v7.0.1 (#538) @renovate
  • chore(deps): update fabric8-kubernetes-client monorepo to v7 (major) (#531) @renovate

Contributors

renovate, olevitt, and 2 other contributors
Assets 2
Loading