Releases: ctrliq/ascender
24.0.3
What's Changed
Upstream Patches
- Fix issue with websocket blocking forever - Upstream #15043
- Adding podAntiAffinity - Upstream #15578
- Resolve CI Issues
- Bump to receptor v1.4.9
Security Fixes
- Updated NPM packages to resolve multiple CVEs
  - ansi-regex: CVE-2021-3807
  - cookie: CVE-2024-47764
  - minimatch: CVE-2022-3517
  - rollup: CVE-2024-47068
  - semver: CVE-2022-25883
24.0.2
What's Changed
Upstream Patches
- Fix failing bulk launch job due to create partition race
- Add restart for websocket
- Avoid race conditions when removing multiple instances
- Only refresh session if updating own password
- Wrap preload data in a transaction
- Fix error "Min value should be Decimal"
- Fix: catch correct exception when parsing filter
- Fix SAMLAuth backend to correctly return social auth pipeline results
Security Fixes
- Updated python dependencies to resolve multiple CVEs.
  These CVEs were reported against the underlying packages we depend on, not against Ascender itself. For several of them, we did not use the affected code at all. We resolved them nevertheless, because any vulnerability scan of the container in your environment will still report them.
  - aiohttp: CVE-2024-42367
  - cryptography: CVE-2023-50782
  - cryptography: CVE-2024-26130
  - cryptography: CVE-2024-0727
  - cryptography: GHSA-h4gh-qq45-vh27
  - django: CVE-2024-45231
  - django: CVE-2024-45230
  - django: CVE-2024-39329
  - django: CVE-2024-38875
  - django: CVE-2024-39330
  - django: CVE-2024-39614
  - django: CVE-2024-27351
  - djangorestframework: CVE-2024-21520
  - dompurify: CVE-2024-45801
  - idna: CVE-2024-3651
  - jinja2: CVE-2024-34064
  - jwcrypto: CVE-2023-6681
  - jwcrypto: CVE-2024-28102
  - pydantic: CVE-2024-3772
  - resolve: CVE-2024-35195
  - social-auth-app-django: CVE-2024-32879
  - sqlparse: CVE-2024-4340
  - twisted: CVE-2024-41671
  - twisted: CVE-2024-41810
  - urllib3: CVE-2023-45803
  - urllib3: CVE-2024-37891
  - uwsgi: CVE-2023-27522
  - zipp: CVE-2024-5569
- Updated NPM packages to resolve multiple CVEs
  - axios: CVE-2024-39338
  - braces: CVE-2024-4068
  - debug: CVE-2017-16137
  - micromatch: CVE-2024-4067
  - webpack: CVE-2024-43788
  - ws: CVE-2024-37890
(... and many more)
24.0.1
Fix CVE-2024-24680 - Django DoS
Fix CVE-2024-30251 - AIOHTTP DoS (also fixes 2 other AIOHTTP related CVEs)
Update AWX NPM packages to resolve several CVEs
Restore Host Activity to Host Lists
Pin Docker and Request versions to fix build process
24.0.0
Sync to Upstream 24.0.0
Fix broken image on Migration page
23.9.0
Sync to Upstream 23.9.0
23.8.1
Sync to Upstream 23.8.1
23.8.0
Sync to Upstream 23.8.0
Add Ledger Logging option
23.7.0
Sync to Upstream 23.7.0
23.6.0
Sync to Upstream 23.6.0
23.5.1
Synced to the 23.5.1 release of the upstream project