Hi Martin, of course not,
Smart!
I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
Yes, I believe the target is a patch version 1.15.1 to be released in a couple of weeks. This is not a major issue but it's always better to have have it fixed. (btw: the enterprise version never had this issue to being with, because it is of course authenticated, as well as it has additional RBAC layer on top.)
Hi @<1658281099807166464:profile|SmallCamel52>
Lack of authentication in all versions of the fileserver component
Are you leaving the fileserver open to the world ?
Hi Martin, of course not, I was just wondering if it has been patched yet and if not what is the expected timeline for patching it
@<1523701205467926528:profile|AgitatedDove14> since 1.15.1 has been released I do not see anything in the release notes, has this been delayed? Is there a better way than slack to track it?
Hi @<1689808977149300736:profile|CharmingKoala14> , let me double check that
Hi @<1689808977149300736:profile|CharmingKoala14> , this is expected to release in v1.16.0 (1.15.1 was a patch version for some UI-related issues)
@<1523701087100473344:profile|SuccessfulKoala55> any update on when the release may be produced? Currently vulnerability sources show CVE-2024-24592 remains in v1.16.1
Is there a GitHub issue or anything I can track rather than pinging here?
Hi @<1689808977149300736:profile|CharmingKoala14> , we've had some delays due to testing and regressions, it should be out in two to three weeks