Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

providers/oauth2: fix CVE-2024-21637 (cherry-pick #8104) #8106

Merged
merged 2 commits into from
Jan 9, 2024
Merged

providers/oauth2: fix CVE-2024-21637 (cherry-pick #8104) #8106

merged 2 commits into from
Jan 9, 2024

Conversation

gcp-cherry-pick-bot[bot]
Copy link
Contributor

Cherry-picked providers/oauth2: fix CVE-2024-21637 (#8104)

Signed-off-by: Jens Langhammer jens@goauthentik.io

@BeryJu
providers/oauth2: fix CVE-2024-21637 (#8104)
9737e83 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot requested review from a team as code owners January 9, 2024 17:17
@gcp-cherry-pick-bot gcp-cherry-pick-bot bot requested review from BeryJu and removed request for a team January 9, 2024 17:17
@netlify Netlify
Copy link

netlify bot commented Jan 9, 2024
edited
Loading

Deploy Preview for authentik ready!

Name Link
🔨 Latest commit edd5ced
🔍 Latest deploy log https://app.netlify.com/sites/authentik/deploys/659d835fd4af610008966da8
😎 Deploy Preview https://deploy-preview-8106--authentik.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site configuration.

@codecov Codecov
Copy link

codecov bot commented Jan 9, 2024
edited
Loading

Codecov Report

Attention: 2 lines in your changes are missing coverage. Please review.

Comparison is base (1516fe8) 92.53% compared to head (b1f7dbc) 92.41%.

❗ Current head b1f7dbc differs from pull request most recent head edd5ced. Consider uploading reports for the commit edd5ced to get more accurate results

Files Patch % Lines
authentik/providers/oauth2/views/authorize.py 80.00% 1 Missing ⚠️
authentik/providers/oauth2/views/token.py 75.00% 1 Missing ⚠️
Additional details and impacted files 
@@                Coverage Diff                 @@
##           version-2023.8    #8106      +/-   ##
==================================================
- Coverage           92.53%   92.41%   -0.13%     
==================================================
  Files                 563      563              
  Lines               27305    27317      +12     
==================================================
- Hits                25268    25246      -22     
- Misses               2037     2071      +34
Flag Coverage Δ
e2e 50.48% <42.85%> (-0.79%) ⬇️
integration 26.38% <0.00%> (-0.02%) ⬇️
unit 89.36% <85.71%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@BeryJu
update changelog
edd5ced 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu force-pushed the cherry-pick-062164-version-2023.8 branch from b1f7dbc to edd5ced Compare January 9, 2024 17:33
@BeryJu BeryJu merged commit d9aab79 into version-2023.8 Jan 9, 2024
53 checks passed
@BeryJu BeryJu deleted the cherry-pick-062164-version-2023.8 branch January 9, 2024 17:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@BeryJu BeryJu Awaiting requested review from BeryJu BeryJu is a code owner automatically assigned from goauthentik/core

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@BeryJu