#fleet
zwass

02/03/2022, 12:56 AM
Security advisory: Fleet 4.9.1 has just been released, fixing an SSO vulnerability reported to us. This vulnerability is not easy to exploit, but we still recommend upgrading for anyone using SSO. The 4.9.1 release is available, along with further details on the vulnerability. Consider temporarily enabling a non-SSO admin user before upgrading in case changes to validation will require updating SSO configurations. @here
Mystery Incorporated

02/03/2022, 1:15 AM
Ok thank you
1:25 AM
Updated, my SSO with AzureAD still working 😄
zwass

02/03/2022, 1:26 AM
As long as the Entity ID matches (as documented), folks should be good.
Ryan

02/03/2022, 2:27 PM
@zwass hi, I noticed this release isn't on the main CHANGELOG, will it be added there eventually? https://github.com/fleetdm/fleet/blob/main/CHANGELOG.md
zwass

02/03/2022, 3:41 PM
@Ryan yes, thank you. We cut patch releases from branches separate from main and then need to commit the changelog back to main. I'll PR that now. Here it is on the patch branch: https://github.com/fleetdm/fleet/blob/release-candidate-4.9.1/CHANGELOG.md
Ryan

02/03/2022, 3:42 PM
ah right, ok that's great 🙂
3:42 PM
thanks
3:42 PM
we already patched
3:43 PM
😎
zwass

02/03/2022, 3:44 PM
Thanks for the reminder though! PR up now: https://github.com/fleetdm/fleet/pull/4005/files