Authentik Release 2024.10.3

Summary

See the 2024.10 release notes (https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024103) for what was fixed in 2024.10.3. Note that this security release includes backwards-incompatible database changes; see https://docs.goauthentik.io/docs/security/cves/CVE-2024-52289#patches for details before upgrading.


Original content

See https://docs.goauthentik.io/docs/releases/2024.10#fixed-in-2024103

Note that this security release includes backwards incompatible database changes; see https://docs.goauthentik.io/docs/security/cves/CVE-2024-52289#patches

What's Changed

  • providers/ldap: fix global search_full_directory permission not being sufficient (cherry-pick #12028) by @gcp-cherry-pick-bot in #12030
  • rbac: fix incorrect object_description for object-level permissions (cherry-pick #12029) by @gcp-cherry-pick-bot in #12043
  • web/flows: fix invisible captcha call (cherry-pick #12048) by @gcp-cherry-pick-bot in #12049
  • core: fix source_flow_manager throwing error when authenticated user attempts to re-authenticate with existing link (cherry-pick #12080) by @gcp-cherry-pick-bot in #12081
  • providers/scim: accept string and int for SCIM IDs (cherry-pick #12093) by @gcp-cherry-pick-bot in #12095
  • root: fix activation of locale not being scoped (cherry-pick #12091) by @gcp-cherry-pick-bot in #12096
  • root: check remote IP for proxy protocol same as HTTP/etc (cherry-pick #12094) by @gcp-cherry-pick-bot in #12097
  • website/docs: group CVEs by year (cherry-pick #12099) by @gcp-cherry-pick-bot in #12100
  • internal: add CSP header to files in /media (cherry-pick #12092) by @gcp-cherry-pick-bot in #12108
  • website/docs: add CSP to hardening (cherry-pick #11970) by @gcp-cherry-pick-bot in #12116
  • security: fix CVE 2024 52287 (cherry-pick #12114) by @gcp-cherry-pick-bot in #12117

Full Changelog: version/2024.10.2...version/2024.10.3

Link: https://github.com/goauthentik/authentik/releases/tag/version%2F2024.10.3