Security advisory Fleet 4 9 1 has just been released fixing

Question

Security advisory Fleet 4 9 1 has just been released fixing an SSO vulnerability reported to us This vulnerability is not easy to exploit but we still recommend upgrading for anyone using SSO The 4 9 1 release is along with Consider temporarily enabling a non SSO admin user before upgrading in case changes to validation will require updating SSO configurations < here>

Mystery Incorporated · Answer

Ok thank you

Mystery Incorporated · Answer

Updated my SSO with AzureAD still working D

zwass · Answer

As long as the Entity ID matches folks should be good

Ryan · Answer

< zwass> hi I noticed this release isn t on the main CHANGELOG will it be added there eventually

zwass · Answer

< Ryan> yes thank you We cut patch releases from branches separate from `main` and then need to commit the changelog back to `main` I ll PR that now Here it is on the patch branch

Ryan · Answer

ah right ok that s great slightly smiling face

Ryan · Answer

thanks

Ryan · Answer

we already patched

Ryan · Answer

sunglasses

zwass · Answer

Thanks for the reminder though PR up now <https github com fleetdm fleet pull 4005 files>