backport of commit 0c96b68

hashicorp · Feb 5, 2025 · ec85fb0 · ec85fb0
1 parent 3ba473c
commit ec85fb0
Show file tree

Hide file tree

Showing 6 changed files with 31 additions and 23 deletions.
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
@@ -5,6 +5,16 @@ container {
 	dependencies = true
 	alpine_secdb = true
 	secrets      = false
+
+	# Triage items that are _safe_ to ignore here. Note that this list should be
+	# periodically cleaned up to remove items that are no longer found by the scanner.
+	triage {
+		suppress {
+			vulnerabilities = [
+				"CVE-2024-13176", # [email protected]
+			]
+		}
+	}
 }
 
 binary {
@@ -13,4 +23,15 @@ binary {
 	osv          = true
 	oss_index    = true
 	nvd          = true
+
+	# Triage items that are _safe_ to ignore here. Note that this list should be
+	# periodically cleaned up to remove items that are no longer found by the scanner.
+	triage {
+		suppress {
+			vulnerabilities = [
+				"GO-2025-3408", # [email protected]
+				"GHSA-29qp-crvh-w22m", # [email protected]
+			]
+		}
+	}
 }
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -2,15 +2,6 @@
 # the repo, unless a later match takes precedence.
 * @hashicorp/boundary
 
-# engineering and web presence get notified of, and can approve changes to, web tooling, but not content.
+# web presence and education
 
-/website/ @hashicorp/web-presence @hashicorp/boundary
-/website/data/
-/website/public/
-/website/content/
-
-# education and engineering get notified of, and can approve changes to web content.
-
-/website/data/		    @hashicorp/boundary-education-approvers @hashicorp/boundary
-/website/public/		@hashicorp/boundary-education-approvers @hashicorp/boundary
-/website/content/	    @hashicorp/boundary-education-approvers @hashicorp/boundary
+/website/       @hashicorp/boundary-education-approvers @hashicorp/web-presence @hashicorp/boundary
diff --git a/enos/README.md b/enos/README.md
@@ -57,16 +57,6 @@ See [enos.vars.hcl](./enos.vars.hcl) for complete descriptions of each variable.
 You can either modify `enos.vars.hcl` directly or create your own copy at
 `enos-local.vars.hcl` which gets ignored by git.
 
-### System File Modifications
-
-For docker-based scenarios, you will need to modify `/etc/hosts` to include the
-following lines
-```
-127.0.0.1       localhost       boundary
-127.0.0.1       localhost       worker
-127.0.0.1       localhost       vault
-```
-
 ## Executing Scenarios
 From the `enos` directory:
 

diff --git a/internal/ui/VERSION b/internal/ui/VERSION
@@ -1,4 +1,4 @@
-835b302c19bb6b5d32e2c93f0de619680d674f25
+c9a74f28009c4caa510bf48740d4b8997d6384a8
 # This file determines the version of the UI to embed in the boundary binary.
 # Update this file by running 'make update-ui-version' from the root of this repo.
 # Set UI_COMMITISH when running the above target to update to a specific version.
diff --git a/website/content/docs/api-clients/client-agent.mdx b/website/content/docs/api-clients/client-agent.mdx
@@ -516,6 +516,11 @@ $ boundary client-agent pause
 
 Follow the troubleshooting steps to understand why the Client Agent is not able to reach the controller.
 
+#### sendmsg: broken pipe
+
+On MacOS versions 15.1 and 15.2, the firewall may incorrectly block the Client Agent from sending DNS responses. To resolve this issue,
+upgrade to MacOS version 15.3 or later.
+
 #### WARNING! Remote host indentification has changed! It is possible that someone is doing something nasty!
 
 This error arises when you use an alias to connect to an SSH target after the first successful connection using that alias. The issue occurs because Boundary workers generate a new host key on every new SSH connection. You can safely ignore the warning using the `StrictHostKeyChecking=no` command line option:

diff --git a/website/content/docs/concepts/transparent-sessions.mdx b/website/content/docs/concepts/transparent-sessions.mdx
@@ -38,11 +38,12 @@ Refer to the following table for known issues that may affect the public beta:
 | Single-word aliases do not work on Windows | If you create an alias consisting of a single word without a dot (`.`), the alias will not work on Windows. |
 | Windows installer does not support partial installations | The Windows installer fails to start the Client Agent if the Desktop client is not installed at the same time. |
 | Alias connection failures inside containers/VMs | Using transparent sessions rely on network access to the local network of the computer the Client Agent is running on. Network enclaves such as those created by Docker containers and VMs cannot reach this network. |
+| DNS lookup is broken on MacOS 15.1 and 15.2 | MacOS 15.1 and 15.2 may incorrectly block DNS lookups for the Client Agent. This issue is resolved in MacOS 15.3 and later. |
 
 ## More information
 
 Refer to the following topics for more information:
 
 - [Aliases](/boundary/docs/concepts/aliases)
 - [Boundary Client Agent](/boundary/docs/api-clients/client-agent)
-- [Configure transparent sessions](/boundary/docs/configuration/target-aliases/transparent-sessions)
+- [Configure transparent sessions](/boundary/docs/configuration/target-aliases/transparent-sessions)