v0.4.6
·
169 commits
to main
since this release
v0.4.6
prometherion
Dario Tranchitella
This tag was signed with the committer’s verified signature.
The key has expired.
prometherion
Dario Tranchitella
⚠️ This release addresses the GitHub Security Advisory "Authentication bypass using an empty token" identified with the CVE IDCVE-2023-48312marked asCritical.
Changelog
🐛 Bug fixes
- 472404f: fix: fix authentication bypass for capsule-proxy (@slimm609)
- 1c829a4: fix: incorrect impersonation for user and groups (@MaxFedotov)
🚀 Build process updates
- 9990d8f: ci(deps): bump amannn/action-semantic-pull-request from 5.3.0 to 5.4.0 (@dependabot[bot])
- a4618ba: ci(deps): bump aquasecurity/trivy-action from 0.12.0 to 0.13.1 (@dependabot[bot])
- 079600f: ci(deps): bump aquasecurity/trivy-action from 0.13.1 to 0.14.0 (#339) (@dependabot[bot])
- 12f892e: ci(deps): bump ossf/scorecard-action from 2.3.0 to 2.3.1 (@dependabot[bot])
- ae9c793: ci(deps): bump wagoid/commitlint-github-action from 5.4.3 to 5.4.4 (@dependabot[bot])
Thanks to all the contributors!
Full Changelog: v0.4.5...v0.4.6
Docker Images
ghcr.io/projectcapsule/capsule-proxy:v0.4.6ghcr.io/projectcapsule/capsule-proxy:latest
Contributors
slimm609, MaxFedotov, and dependabot