Hi @<1658281099807166464:profile|SmallCamel52>
Lack of authentication in all versions of the fileserver component
Are you leaving the fileserver open to the world ?
Hi Martin, of course not,
Smart!
I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
Yes, I believe the target is a patch version 1.15.1 to be released in a couple of weeks. This is not a major issue but it's always better to have have it fixed. (btw: the enterprise version never had this issue to being with, because it is of course authenticated, as well as it has additional RBAC layer on top.)
Hi Martin, of course not, I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
@<1523701087100473344:profile|SuccessfulKoala55> any update on when the release may be produced? Currently vulnerability sources show CVE-2024-24592 remains in v1.16.1
Is there a GitHub issue or anything I can track rather than pinging here?
@<1523701205467926528:profile|AgitatedDove14> since 1.15.1 has been released I do not see anything in the release notes, has this been delayed? Is there a better way than slack to track it?
Hi @<1689808977149300736:profile|CharmingKoala14> , let me double check that
Hi @<1689808977149300736:profile|CharmingKoala14> , this is expected to release in v1.16.0 (1.15.1 was a patch version for some UI-related issues)
Hi @<1689808977149300736:profile|CharmingKoala14> , we've had some delays due to testing and regressions, it should be out in two to three weeks