Hi SmallCamel52
Lack of authentication in all versions of the fileserver component
Are you leaving the fileserver open to the world?
Hi Martin, of course not, I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
Hi Martin, of course not,
Smart!
I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
Yes, I believe the target is a patch version 1.15.1 to be released in a couple of weeks. This is not a major issue but it's always better to have it fixed. (btw: the enterprise version never had this issue to begin with, because it is of course authenticated, as well as it has an additional RBAC layer on top.)
AgitatedDove14 since 1.15.1 has been released I do not see anything in the release notes, has this been delayed? Is there a better way than Slack to track it?
Hi CharmingKoala14, let me double check that
Hi CharmingKoala14, this is expected to release in v1.16.0 (1.15.1 was a patch version for some UI-related issues)
SuccessfulKoala55 any update on when the release may be produced? Currently vulnerability sources show CVE-2024-24592 remains in v1.16.1
Hi CharmingKoala14, we've had some delays due to testing and regressions, it should be out in two to three weeks
Is there a GitHub issue or anything I can track rather than pinging here?
SuccessfulKoala55 is there an updated plan for remediation of this issue?
Hi CharmingKoala14, this version was released on 26 June (see here)
Thanks SuccessfulKoala55 it may be worth confirming this in the NVD: nvd.nist.gov/vuln/detail/CVE-2024-24592 since this currently indicates there is no fixed version