Hi @<1689808977149300736:profile|CharmingKoala14> , let me double check that

@<1523701087100473344:profile|SuccessfulKoala55> any update on when the release may be produced? Currently vulnerability sources show CVE-2024-24592 remains in v1.16.1

Hi Martin, of course not,

Smart!

I was just wondering if it has been patched yet and if not what is the expected timeline for patching it

Yes, I believe the target is a patch version 1.15.1 to be released in a couple of weeks. This is not a major issue but it's always better to have have it fixed. (btw: the enterprise version never had this issue to being with, because it is of course authenticated, as well as it has additional RBAC layer on top.)

Good to know, thanks!

@<1523701205467926528:profile|AgitatedDove14> since 1.15.1 has been released I do not see anything in the release notes, has this been delayed? Is there a better way than slack to track it?

Hi @<1658281099807166464:profile|SmallCamel52>

Lack of authentication in all versions of the fileserver component

Are you leaving the fileserver open to the world ?

Hi Martin, of course not, I was just wondering if it has been patched yet and if not what is the expected timeline for patching it

Hi @<1689808977149300736:profile|CharmingKoala14> , we've had some delays due to testing and regressions, it should be out in two to three weeks

Hi @<1689808977149300736:profile|CharmingKoala14> , this is expected to release in v1.16.0 (1.15.1 was a patch version for some UI-related issues)

Is there a GitHub issue or anything I can track rather than pinging here?