fix(vulnerability): avoid expose gate endpoints (backport #1497) (#1498)

* fix(vulnerability): avoid expose gate endpoints (#1497) (cherry picked from commit b4ac721) * fix(build): kork and gradle versions Co-authored-by: Cristhian Castaneda <ccastanedarivera@gmail.com> Co-authored-by: Cameron Motevasselani <cameron@armory.io>
spinnaker · Dec 15, 2021 · 395299d · 395299d
1 parent 8cee7c7
commit 395299d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy b/gate-core/src/main/groovy/com/netflix/spinnaker/gate/config/AuthConfig.groovy
@@ -78,7 +78,7 @@ class AuthConfig {
     http
       .requestMatcher(requestMatcherProvider.requestMatcher())
       .authorizeRequests()
-        .antMatchers('/**/favicon.ico').permitAll()
+        .antMatchers('/favicon.ico').permitAll()
         .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
         .antMatchers(PermissionRevokingLogoutSuccessHandler.LOGGED_OUT_URL).permitAll()
         .antMatchers('/auth/user').permitAll()

diff --git a/gradle.properties b/gradle.properties
@@ -1,10 +1,10 @@
 enablePublishing=false
-fiatVersion=1.27.0
+fiatVersion=1.27.1
 includeProviders=basic,iap,ldap,oauth2,saml,x509
-korkVersion=7.110.0
+korkVersion=7.109.1
 kotlinVersion=1.4.0
 org.gradle.parallel=true
-spinnakerGradleVersion=8.10.1
+spinnakerGradleVersion=8.15.0
 targetJava11=true
 
 # To enable a composite reference to a project, set the