From 384ca87aadbf94fb548bbf4de2fa7fc74ec6a946 Mon Sep 17 00:00:00 2001 From: "Jens L." Date: Fri, 27 Sep 2024 16:27:11 +0200 Subject: [PATCH] website: update release notes for 2024.8.3 and 2024.6.5 (#11541) Signed-off-by: Jens Langhammer --- website/docs/releases/2024/v2024.6.md | 5 +++++ website/docs/releases/2024/v2024.8.md | 13 ++++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/website/docs/releases/2024/v2024.6.md b/website/docs/releases/2024/v2024.6.md index 252aaa19bd..7ea2927667 100644 --- a/website/docs/releases/2024/v2024.6.md +++ b/website/docs/releases/2024/v2024.6.md @@ -235,6 +235,11 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.6 - security: fix [CVE-2024-42490](../../security/CVE-2024-42490.md), reported by [@m2a2](https://github.com/m2a2) (cherry-pick #11022) #11025 +## Fixed in 2024.6.5 + +- security: fix [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11540) +- security: fix [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11538) + ## API Changes #### What's New diff --git a/website/docs/releases/2024/v2024.8.md b/website/docs/releases/2024/v2024.8.md index 7cdde2b8b1..28e15ba203 100644 --- a/website/docs/releases/2024/v2024.8.md +++ b/website/docs/releases/2024/v2024.8.md @@ -261,7 +261,7 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8 - web/admin: improve error handling (cherry-pick #11212) (#11219) - web/users: show - if device was registered before we started saving the time (cherry-pick #11256) (#11257) -## Fixed on 2024.8.2 +## Fixed in 2024.8.2 - core: ensure all providers have correct priority (cherry-pick #11280) (#11281) - core: ensure proxy provider is correctly looked up (cherry-pick #11267) (#11269) @@ -275,6 +275,17 @@ helm upgrade authentik authentik/authentik -f values.yaml --version ^2024.8 - web: revert lockfile lint, re-add integrity (#11380) - web/admin: fix notification property mapping forms (cherry-pick #11298) (#11300) +## Fixed in 2024.8.3 + +- events: always use expiry from current tenant for events, not only when creating from HTTP request (cherry-pick #11415) (#11416) +- providers/proxy: fix traefik label generation (cherry-pick #11460) (#11480) +- security: [CVE-2024-47070](../../security/CVE-2024-47070.md), reported by [@efpi-bot](https://github.com/efpi-bot) from [LogicalTrust](https://logicaltrust.net/en/) (cherry-pick #11536) (#11539) +- security: [CVE-2024-47077](../../security/CVE-2024-47077.md), reported by [@quentinmit](https://github.com/quentinmit) (cherry-pick #11535) (#11537) +- sources/ldap: fix mapping check, fix debug endpoint (cherry-pick #11442) (#11498) +- sources/ldap: fix ms_ad userAccountControl not checking for lockout (cherry-pick #11532) (#11534) +- web: Fix missing integrity fields in package-lock.json (#11509) +- web/admin: fix Authentication flow being required (cherry-pick #11496) (#11497) + ## API Changes #### What's New