zwass

02/03/2022, 12:56 AM
Security advisory: Fleet 4.9.1 has just been released, fixing an SSO vulnerability reported to us. This vulnerability is not easy to exploit, but we still recommend upgrading for anyone using SSO. The 4.9.1 release is available, along with further details on the vulnerability. Consider temporarily enabling a non-SSO admin user before upgrading in case changes to validation will require updating SSO configurations. @here
🙏 2
🐜 2
🌟 2
👍 3

Mystery Incorporated

02/03/2022, 1:15 AM
Ok thank you
Updated, my SSO with AzureAD still working :D
💯 1

zwass

02/03/2022, 1:26 AM
As long as the Entity ID matches (as documented), folks should be good.
:partyparrot: 1

Ryan

02/03/2022, 2:27 PM
@zwass hi, I noticed this release isn’t on the main CHANGELOG. Will it be added there eventually? https://github.com/fleetdm/fleet/blob/main/CHANGELOG.md

zwass

02/03/2022, 3:41 PM
@Ryan yes, thank you. We cut patch releases from branches separate from main and then need to commit the changelog back to main. I'll PR that now. Here it is on the patch branch: https://github.com/fleetdm/fleet/blob/release-candidate-4.9.1/CHANGELOG.md

Ryan

02/03/2022, 3:42 PM
ah right, ok that’s great 🙂
thanks
we already patched
😎

zwass

02/03/2022, 3:44 PM
Thanks for the reminder though! PR up now: https://github.com/fleetdm/fleet/pull/4005/files