Security advisory Fleet 4.9.1 has just been relea...
# fleet
z
Security advisory Fleet 4.9.1 has just been released fixing an SSO vulnerability reported to us. This vulnerability is not easy to exploit, but we still recommend upgrading for anyone using SSO. The 4.9.1 release is available, along with further details on the vulnerability. Consider temporarily enabling a non-SSO admin user before upgrading in case changes to validation will require updating SSO configurations. <!here>
๐Ÿ™ 2
๐Ÿœ 2
๐ŸŒŸ 2
๐Ÿ‘ 3
m
Ok thank you
Updated, my SSO with AzureAD still working :D
๐Ÿ’ฏ 1
z
As long as the Entity ID matches (as documented), folks should be good.
๐Ÿฆœ 1
r
@zwass hi, I noticed this release isnโ€™t on the main CHANGELOG will it be added there eventually? https://github.com/fleetdm/fleet/blob/main/CHANGELOG.md
z
@Ryan yes, thank you. We cut patch releases from branches separate from
main
and then need to commit the changelog back to
main
. I'll PR that now. Here it is on the patch branch: https://github.com/fleetdm/fleet/blob/release-candidate-4.9.1/CHANGELOG.md
r
ah right, ok thatโ€™s great ๐Ÿ™‚
thanks
we already patched
๐Ÿ˜Ž
z
Thanks for the reminder though! PR up now: https://github.com/fleetdm/fleet/pull/4005/files