Thanks @<1523701087100473344:profile|SuccessfulKoala55> it may be worth confirming this in the NVD: nvd.nist.gov/vuln/detail/CVE-2024-24592 since this currently indicates there is no fixed version
@<1523701087100473344:profile|SuccessfulKoala55> is there an updated plan for remediation of this issue?
@<1523701205467926528:profile|AgitatedDove14> since 1.15.1 has been released I do not see anything in the release notes, has this been delayed? Is there a better way than Slack to track it?
Hi @<1689808977149300736:profile|CharmingKoala14> , this is expected to release in v1.16.0 (1.15.1 was a patch version for some UI-related issues)
@<1523701087100473344:profile|SuccessfulKoala55> any update on when the release may be produced? Currently vulnerability sources show CVE-2024-24592 remains in v1.16.1
Smart!
Yes, I believe the target is a patch version 1.15.1 to be released in a couple of weeks. This is not a major issue but it's always better to have it fixed. (btw: the enterprise version never had this issue to begin with, because it is of course authenticated, as well as it has an additional RBAC layer on top.)
Hi Martin, of course not, I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
Hi @<1689808977149300736:profile|CharmingKoala14> , this version was released on 26 June (see here)
Hi @<1658281099807166464:profile|SmallCamel52>
Lack of authentication in all versions of the fileserver component
Are you leaving the fileserver open to the world?
Is there a GitHub issue or anything I can track rather than pinging here?
Hi @<1689808977149300736:profile|CharmingKoala14> , let me double check that
Hi @<1689808977149300736:profile|CharmingKoala14> , we've had some delays due to testing and regressions, it should be out in two to three weeks