From ec85fb0b5a1368668f4d69d36643bc064c6198e1 Mon Sep 17 00:00:00 2001
From: Robin Beck
Date: Wed, 5 Feb 2025 20:55:42 +0000
Subject: [PATCH] backport of commit 0c96b6870d158a007b7b3b91bb643a0566f57fa6
---
 .release/security-scan.hcl | 21 +++++++++++++++++++
 CODEOWNERS | 13 ++----------
 enos/README.md | 10 ---------
 internal/ui/VERSION | 2 +-
 .../content/docs/api-clients/client-agent.mdx | 5 +++++
 .../docs/concepts/transparent-sessions.mdx | 3 ++-
 6 files changed, 31 insertions(+), 23 deletions(-)
diff --git a/.release/security-scan.hcl b/.release/security-scan.hcl
index da2c1a239d..db033ac545 100644
--- a/.release/security-scan.hcl
+++ b/.release/security-scan.hcl
@@ -5,6 +5,16 @@ container {
 dependencies = true
 alpine_secdb = true
 secrets = false
+
+ # Triage items that are _safe_ to ignore here. Note that this list should be
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ vulnerabilities = [
+ "CVE-2024-13176", # openssl@3.3.2-r4
+ ]
+ }
+ }
 }

 binary {
@@ -13,4 +23,15 @@ binary {
 osv = true
 oss_index = true
 nvd = true
+
+ # Triage items that are _safe_ to ignore here. Note that this list should be
+ # periodically cleaned up to remove items that are no longer found by the scanner.
+ triage {
+ suppress {
+ vulnerabilities = [
+ "GO-2025-3408", # yamux@v0.1.1
+ "GHSA-29qp-crvh-w22m", # yamux@v0.1.1
+ ]
+ }
+ }
 }
diff --git a/CODEOWNERS b/CODEOWNERS
index c307950dda..2520668fd3 100644
--- a/CODEOWNERS
+++ b/CODEOWNERS
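Review bot: The three suppressions added under `triage { suppress { ... } }` in the `container` and `binary` blocks of `.release/security-scan.hcl` record only the affected package and version, not why each finding is safe to ignore or who accepted the risk. The header comment asks for periodic clean-up, but no entry says when it should be revisited, so a suppression can outlive the condition that justified it. If the scanner matches on the identifier alone (not visible in this patch), the finding would also stay hidden after the dependency moves to a different, still-affected version. I would extend each entry's comment with the rationale and a tracking reference, for example `"CVE-2024-13176", # openssl@3.3.2-r4; <reason not reachable>; <TRACKING-ISSUE>; revisit on next base image update`. The same applies to `GO-2025-3408` and `GHSA-29qp-crvh-w22m`, which appear to be one yamux@v0.1.1 finding under two identifiers.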
@@ -2,15 +2,6 @@ # the repo, unless a later match takes precedence. * @hashicorp/boundary -# engineering and web presence get notified of, and can approve changes to, web tooling, but not content. +# web presence and education -/website/ @hashicorp/web-presence @hashicorp/boundary -/website/data/ -/website/public/ -/website/content/ - -# education and engineering get notified of, and can approve changes to web content. - -/website/data/ @hashicorp/boundary-education-approvers @hashicorp/boundary -/website/public/ @hashicorp/boundary-education-approvers @hashicorp/boundary -/website/content/ @hashicorp/boundary-education-approvers @hashicorp/boundary +/website/ @hashicorp/boundary-education-approvers @hashicorp/web-presence @hashicorp/boundary \ No newline at end of file diff --git a/enos/README.md b/enos/README.md index 7511d97695..476e651ddf 100644 --- a/enos/README.md +++ b/enos/README.md @@ -57,16 +57,6 @@ See [enos.vars.hcl](./enos.vars.hcl) for complete descriptions of each variable. You can either modify `enos.vars.hcl` directly or create your own copy at `enos-local.vars.hcl` which gets ignored by git. -### System File Modifications - -For docker-based scenarios, you will need to modify `/etc/hosts` to include the -following lines -``` -127.0.0.1 localhost boundary -127.0.0.1 localhost worker -127.0.0.1 localhost vault -``` - ## Executing Scenarios From the `enos` directory: diff --git a/internal/ui/VERSION b/internal/ui/VERSION index eb0b8b12ba..c9f09a3806 100644 --- a/internal/ui/VERSION +++ b/internal/ui/VERSION @@ -1,4 +1,4 @@ -835b302c19bb6b5d32e2c93f0de619680d674f25 +c9a74f28009c4caa510bf48740d4b8997d6384a8 # This file determines the version of the UI to embed in the boundary binary. # Update this file by running 'make update-ui-version' from the root of this repo. # Set UI_COMMITISH when running the above target to update to a specific version. 
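Review bot: The single `/website/` rule in CODEOWNERS now lists three teams, and where code-owner review is enforced an approval from any one listed owner normally satisfies the requirement. Each of the three teams can therefore approve every path under `/website/`, including `/website/content/`. The new comment `# web presence and education` does not say whether that widening of approval rights is intended. I would spell the policy out, e.g. `# web presence, education and engineering are notified of, and any one of them can approve, all changes under /website/ (tooling and content)`, or keep separate rules for the content directories if the split still matters. The file also now ends without a trailing newline (`\ No newline at end of file`), which is worth fixing in the same change.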
diff --git a/website/content/docs/api-clients/client-agent.mdx b/website/content/docs/api-clients/client-agent.mdx index 60f51a9ded..e8556fab31 100644 --- a/website/content/docs/api-clients/client-agent.mdx +++ b/website/content/docs/api-clients/client-agent.mdx @@ -516,6 +516,11 @@ $ boundary client-agent pause Follow the troubleshooting steps to understand why the Client Agent is not able to reach the controller. +#### sendmsg: broken pipe + +On MacOS versions 15.1 and 15.2, the firewall may incorrectly block the Client Agent from sending DNS responses. To resolve this issue, +upgrade to MacOS version 15.3 or later. + #### WARNING! Remote host indentification has changed! It is possible that someone is doing something nasty! This error arises when you use an alias to connect to an SSH target after the first successful connection using that alias. The issue occurs because Boundary workers generate a new host key on every new SSH connection. You can safely ignore the warning using the `StrictHostKeyChecking=no` command line option: diff --git a/website/content/docs/concepts/transparent-sessions.mdx b/website/content/docs/concepts/transparent-sessions.mdx index f774fd3b1d..7c8a827965 100644 --- a/website/content/docs/concepts/transparent-sessions.mdx +++ b/website/content/docs/concepts/transparent-sessions.mdx 
@@ -38,6 +38,7 @@ Refer to the following table for known issues that may affect the public beta:
 | Single-word aliases do not work on Windows | If you create an alias consisting of a single word without a dot (`.`), the alias will not work on Windows. |
 | Windows installer does not support partial installations | The Windows installer fails to start the Client Agent if the Desktop client is not installed at the same time. |
 | Alias connection failures inside containers/VMs | Using transparent sessions rely on network access to the local network of the computer the Client Agent is running on. Network enclaves such as those created by Docker containers and VMs cannot reach this network. |
+| DNS lookup is broken on MacOS 15.1 and 15.2 | MacOS 15.1 and 15.2 may incorrectly block DNS lookups for the Client Agent. This issue is resolved in MacOS 15.3 and later. |

 ## More information

@@ -45,4 +46,4 @@ Refer to the following topics for more information:

 - [Aliases](/boundary/docs/concepts/aliases)
 - [Boundary Client Agent](/boundary/docs/api-clients/client-agent)
-- [Configure transparent sessions](/boundary/docs/configuration/target-aliases/transparent-sessions)
\ No newline at end of file
+- [Configure transparent sessions](/boundary/docs/configuration/target-aliases/transparent-sessions)