Releases: ctrliq/ascender

24.0.3

21 Oct 20:22
9f43942

What's Changed

Upstream Patches

  • Fix issue with websocket blocking forever - Upstream #15043
  • Adding podAntiAffinity - Upstream #15578
  • Resolve CI Issues
  • Bump to receptor v1.4.9

Security Fixes

24.0.2

17 Sep 02:37
958c304

What's Changed

Upstream Patches

  • Fix failing bulk launch job due to create partition race
  • Add restart for websocket
  • Avoid race conditions when removing multiple instances
  • Only refresh session if updating own password
  • Wrap preload data in a transaction
  • Fix error "Min value should be Decimal"
  • Fix: catch correct exception when parsing filter
  • Fix SAMLAuth backend to correctly return social auth pipeline results

Security Fixes

  • Updated Python dependencies to resolve multiple CVEs.

These CVEs affect the underlying packages we depend on, not Ascender directly. For several of them, we did not use the affected code at all. They were resolved nevertheless, because they will still be reported by any vulnerability scan of the container in your environment.

aiohttp - CVE-2024-42367
cryptography - CVE-2023-50782
cryptography - CVE-2024-26130
cryptography - CVE-2024-0727
cryptography - GHSA-h4gh-qq45-vh27
django - CVE-2024-45231
django - CVE-2024-45230
django - CVE-2024-39329
django - CVE-2024-38875
django - CVE-2024-39330
django - CVE-2024-39614
django - CVE-2024-27351
djangorestframework - CVE-2024-21520
dompurify - CVE-2024-45801
idna - CVE-2024-3651
jinja2 - CVE-2024-34064
jwcrypto - CVE-2023-6681
jwcrypto - CVE-2024-28102
pydantic - CVE-2024-3772
resolve - CVE-2024-35195
social-auth-app-django - CVE-2024-32879
sqlparse - CVE-2024-4340
twisted - CVE-2024-41671
twisted - CVE-2024-41810
urllib3 - CVE-2023-45803
urllib3 - CVE-2024-37891
uwsgi - CVE-2023-27522
zipp - CVE-2024-5569

  • Updated NPM packages to resolve multiple CVEs

axios - CVE-2024-39338
braces - CVE-2024-4068
debug - CVE-2017-16137
micromatch - CVE-2024-4067
webpack - CVE-2024-43788
ws - CVE-2024-37890
(... and many more)

24.0.1

05 Jun 19:57
14000ee

Fix CVE-2024-24680 - Django DoS
Fix CVE-2024-30251 - AIOHTTP DoS (also fixes 2 other AIOHTTP related CVEs)
Update AWX NPM packages to resolve several CVEs
Restore Host Activity to Host Lists
Pin Docker and Request versions to fix build process

24.0.0

14 Mar 17:44
53e21ea

Sync to Upstream 24.0.0
Fix broken image on Migration page

23.9.0

12 Mar 19:59
a9adf37

Sync to Upstream 23.9.0

23.8.1

16 Feb 00:30
b850ff1

Sync to Upstream 23.8.1

23.8.0

15 Feb 16:47
dc1681a

Sync to Upstream 23.8.0
Add Ledger Logging option

23.7.0

07 Feb 05:15
870d65e

Sync to Upstream 23.7.0

23.6.0

02 Jan 22:35
7c45261

Sync to Upstream 23.6.0

23.5.1

05 Dec 20:14
b5a28a6

Synced to the 23.5.1 release of the upstream project