Hi SmallCamel52
Lack of authentication in all versions of the fileserver component
Are you leaving the fileserver open to the world ?
Hi Martin, of course not,
Smart!
I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
Yes, I believe the target is a patch version 1.15.1 to be released in a couple of weeks. This is not a major issue but it's always better to have have it fixed. (btw: the enterprise version never had this issue to being with, because it is of course authenticated, as well as it has additional RBAC layer on top.)
AgitatedDove14 since 1.15.1 has been released I do not see anything in the release notes, has this been delayed? Is there a better way than slack to track it?
Hi Martin, of course not, I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
Hi CharmingKoala14 , we've had some delays due to testing and regressions, it should be out in two to three weeks
Hi CharmingKoala14 , let me double check that
Hi CharmingKoala14 , this is expected to release in v1.16.0 (1.15.1 was a patch version for some UI-related issues)
SuccessfulKoala55 any update on when the release may be produced? Currently vulnerability sources show CVE-2024-24592 remains in v1.16.1
Is there a GitHub issue or anything I can track rather than pinging here?