Skip to content

v0.3.0
Compare
Choose a tag to compare
@github-actions github-actions released this 01 Oct 16:29
· 133 commits to master since this release
v0.3.0
213685b

Additional Notes

This last one has been a bit of a major revamp adding support for cloud integration to azure, s3, and gcs. The library I've ended up using to support this stow, introduced a security issue. This SHOULD not be an issue since it's a CLI tool with no service component, but for those concern see note below. Any version prior to 0.3.0 won't have this issue.

Future version will likely change to some type of plugin system to avoid affecting the base binary if you're not using the feature. Or dropping azure support in the future since that's the main culprit.

jwt-go allows attackers to bypass intended access restrictions in situations with []string{} for m["aud"] (which is allowed by the specification). Because the type assertion fails, "" is the value of aud. This is a security problem if the JWT token is presented to a service that lacks its own audience check. There is no patch available and users of jwt-go are advised to migrate to golang-jwt at version 3.2.1

Changelog

  • 03ff2b9 Bumping version number to match milestone
  • 5f37938 Bumping version to 0.2.2
  • baceb4a Creating a Generic Cloud support for S3, GCP, Azure, etc. (#100)
  • f6986ba Disable auto-close of issues and PRs.
  • d5faed9 Updating README
  • 213685b [BUG] Fixing unit tests for tag filtering.
  • c71936b [TechDebt] Removing deprecated use of io/ioutils
  • c621ecd feat: allow action on dashboard by tag (#104)
Assets 20
Loading