Answered
Hi Everyone, Does Anybody Know If The Latest Release 1.15 Is Still Vulnerable To

Hi everyone, does anybody know if the latest release 1.15 is still vulnerable to None?

  
  
Posted 8 months ago

Answers 10


> Hi Martin, of course not,

Smart!

> I was just wondering if it has been patched yet and if not what is the expected timeline for patching it

Yes, I believe the target is a patch version 1.15.1 to be released in a couple of weeks. This is not a major issue but it's always better to have it fixed. (btw: the enterprise version never had this issue to begin with, because it is of course authenticated, as well as it has an additional RBAC layer on top.)

  
  
Posted 8 months ago

Good to know, thanks!

  
  
Posted 8 months ago

Hi @<1658281099807166464:profile|SmallCamel52>

Lack of authentication in all versions of the fileserver component

Are you leaving the fileserver open to the world?

  
  
Posted 8 months ago

Hi Martin, of course not, I was just wondering if it has been patched yet and if not what is the expected timeline for patching it

  
  
Posted 8 months ago

@<1523701205467926528:profile|AgitatedDove14> since 1.15.1 has been released I do not see anything in the release notes, has this been delayed? Is there a better way than Slack to track it?

  
  
Posted 7 months ago

Hi @<1689808977149300736:profile|CharmingKoala14>, let me double check that

  
  
Posted 7 months ago

Hi @<1689808977149300736:profile|CharmingKoala14>, this is expected to release in v1.16.0 (1.15.1 was a patch version for some UI-related issues)

  
  
Posted 7 months ago

@<1523701087100473344:profile|SuccessfulKoala55> any update on when the release may be produced? Currently vulnerability sources show CVE-2024-24592 remains in v1.16.1

  
  
Posted 5 months ago

Is there a GitHub issue or anything I can track rather than pinging here?

  
  
Posted 5 months ago

Hi @<1689808977149300736:profile|CharmingKoala14>, we've had some delays due to testing and regressions, it should be out in two to three weeks

  
  
Posted 5 months ago