Eldon Koyle
The web UI will allow a client-generated `private id` to be used (by altering the value of the hidden `new_url` input), which allows a malicious user to view and/or modify...
Don't even pass new_url to client, generate it after the post to prevent tampering. Also fixes #57
This adds a server secret and uses it to sign the generated url with a timestamp to prevent client-side tampering. Needs testing and will break existing installations due to additional...
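As an added illustration of the approach these items describe (example code, not the project's own): the private id is generated server-side after the POST, bound to its issue time with an HMAC under a server secret, and checked on every use, so a client that edits a hidden form field can neither substitute an id of its choosing nor extend the lifetime. `SERVER_SECRET`, `MAX_AGE_SECONDS` and `CLOCK_SKEW_SECONDS` are assumed names for this demo.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional

# Assumed names for the demo: load the secret from configuration in a real deployment.
SERVER_SECRET = b"example-server-secret-do-not-use"
MAX_AGE_SECONDS = 3600
CLOCK_SKEW_SECONDS = 60


def _mac(private_id: str, issued_at: int) -> str:
    # Bind the id and its issue time together under the server secret.
    msg = f"{private_id}|{issued_at}".encode()
    return hmac.new(SERVER_SECRET, msg, hashlib.sha256).hexdigest()


def issue_token(now: Optional[int] = None) -> str:
    """Generate the private id server-side, after the POST, and sign it.

    The client never supplies the id; it only receives this token.
    token_urlsafe() yields [A-Za-z0-9_-], so '.' is a safe separator.
    """
    private_id = secrets.token_urlsafe(16)
    issued_at = int(time.time()) if now is None else now
    return f"{private_id}.{issued_at}.{_mac(private_id, issued_at)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the private id if signature and timestamp check out, else None."""
    try:
        private_id, ts_str, mac = token.rsplit(".", 2)
        issued_at = int(ts_str)
    except ValueError:
        return None
    # Constant-time comparison: a tampered id or timestamp changes the MAC.
    if not hmac.compare_digest(mac, _mac(private_id, issued_at)):
        return None
    current = int(time.time()) if now is None else now
    if issued_at > current + CLOCK_SKEW_SECONDS or current - issued_at > MAX_AGE_SECONDS:
        return None
    return private_id


if __name__ == "__main__":
    tok = issue_token()
    print(tok, "->", verify_token(tok))
```

Rotating `SERVER_SECRET` invalidates every outstanding token, which is the "breaks existing installations" cost the PR mentions; a deployment that needs a migration path can verify against a short list of old secrets for one expiry window.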
Required items, please complete Change(s): - Change the backend data format for the Corelight solution Reason for Change(s): - Low performance from existing solution Version Updated: - Yes Testing Completed:...
* set SHARKD_SOCKET=/home/node/sharkd.sock in Dockerfile * don't rm socket if it doesn't exist * closes #23
## Details Workaround for `required=False` not being honored by django-rest-framework and/or drf_spectacular. Fixes goauthentik#9787 (for python bindings, at least). This at least allows responses to be validated, however schema.yml still...
Use tarfile from python 3.12 to handle bundles in a safer way. Ignore user permissions where possible, and don't copy unsafe permissions/files. `tarfile_fallback.py` was copied from the latest python 3.8...
I noticed a minor issue here: https://github.com/zeek/package-manager/blob/da77d8f97f0400852a69bc070ee0ca2ad5c3f8c4/zeekpkg/manager.py#L2748-L2786 This pattern will cause a deadlock if the child process writes enough to stdout to fill the buffer and block. ``` p =...
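As an added demonstration of the deadlock this comment points at (example code, not from zkg): the child writes more than the pipe buffer holds, so a parent that calls `wait()` before reading stdout blocks forever, while `communicate()` drains both pipes while waiting for exit. The child command, the output size and the timeout are constructed for the demo.

```python
import subprocess
import sys

# Constructed child: writes well past the kernel pipe buffer (64 KiB by default
# on Linux, at most 1 MiB without tuning), then exits.
OUTPUT_BYTES = 4_000_000
CHILD_CMD = [sys.executable, "-c",
             f"import sys; sys.stdout.write('x' * {OUTPUT_BYTES}); sys.stdout.flush()"]


def run_wait_then_read(cmd, timeout=2.0):
    """The deadlock-prone pattern: wait() for exit, then read stdout.

    Once the pipe is full the child blocks in write() and never exits, while
    the parent blocks in wait() and never reads. The timeout exists only so
    the demo terminates; the function returns "deadlock" when it fires.
    """
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    try:
        p.wait(timeout=timeout)
    except subprocess.TimeoutExpired:
        p.kill()
        p.communicate()  # reap the child and close the pipes
        return "deadlock"
    out = p.stdout.read()
    p.stdout.close()
    p.stderr.close()
    return len(out)


def run_communicate(cmd):
    """The safe pattern: communicate() reads both pipes while waiting for exit."""
    p = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    out, err = p.communicate()
    return p.returncode, len(out), len(err)


if __name__ == "__main__":
    print("wait-then-read:", run_wait_then_read(CHILD_CMD))
    print("communicate:   ", run_communicate(CHILD_CMD))
```

The same hazard applies to `stderr=PIPE` on its own: reading stdout to EOF before `wait()` is not enough if the child can also fill the stderr pipe, which is why `communicate()` services both.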
The umask set by a user affects permissions of files on disk, which are then honored when creating the zkg bundle tarball. Setting a umask to something like 0027 is...
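As an added example covering both the packaging side (a restrictive umask leaking into bundle permissions, this item) and the extraction side (the safer tarfile handling in the 3.12-style item above), not code from zkg: the filter passed to `tar.add()` gives every member a fixed mode and no ownership regardless of what the packager's umask left on disk, and extraction refuses members that escape the destination or are not regular files or directories and strips setuid/setgid/sticky and group/other write bits by hand, so it does not depend on the 3.12 `data` filter (it is used in addition where available). All function names, the sample tree and the hostile bundle are constructed for the demo.

```python
import io
import os
import stat
import tarfile
import tempfile

UNSAFE_BITS = stat.S_ISUID | stat.S_ISGID | stat.S_ISVTX | stat.S_IWGRP | stat.S_IWOTH


def normalize_member(member: tarfile.TarInfo) -> tarfile.TarInfo:
    """tar.add() filter: fixed, umask-independent modes and no ownership.

    A packager running under umask 0027 or 0077 leaves files unreadable to
    group/other on disk; without this the bundle would carry those modes.
    """
    if member.isdir():
        member.mode = 0o755
    elif member.isfile():
        member.mode = 0o755 if member.mode & stat.S_IXUSR else 0o644
    member.uid = member.gid = 0
    member.uname = member.gname = ""
    return member


def build_bundle(src_dir: str) -> bytes:
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        tar.add(src_dir, arcname=".", filter=normalize_member)
    return buf.getvalue()


def safe_extract(bundle: bytes, dest: str) -> list:
    """Extract only regular files and directories inside dest, with safe modes.

    The checks mirror the 3.12 tarfile 'data' filter but run on any Python 3;
    the built-in filter is passed as well where the interpreter has it.
    """
    dest_real = os.path.realpath(dest)
    extract_kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    names = []
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:gz") as tar:
        for m in tar.getmembers():
            target = os.path.realpath(os.path.join(dest, m.name))
            if os.path.commonpath([dest_real, target]) != dest_real:
                raise ValueError(f"member escapes destination: {m.name}")
            if not (m.isfile() or m.isdir()):
                raise ValueError(f"refusing non-regular member: {m.name}")
            m.mode &= ~UNSAFE_BITS  # no setuid/setgid/sticky, no group/other write
            m.uid = m.gid = 0       # never honour ownership from the archive
            tar.extract(m, path=dest, **extract_kwargs)
            names.append(m.name)
    return names


def make_sample_tree() -> str:
    """Constructed input: modes a restrictive umask would leave on disk."""
    src = tempfile.mkdtemp()
    for name, body, mode in (("a.txt", "hello\n", 0o600), ("run.sh", "#!/bin/sh\n", 0o700)):
        path = os.path.join(src, name)
        with open(path, "w") as fh:
            fh.write(body)
        os.chmod(path, mode)
    return src


def traversal_bundle() -> bytes:
    """Constructed hostile bundle: one member that escapes the destination."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("../evil.txt")
        data = b"pwned\n"
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def roundtrip() -> dict:
    """Bundle the sample tree, extract it, and report modes in archive and on disk."""
    bundle = build_bundle(make_sample_tree())
    with tarfile.open(fileobj=io.BytesIO(bundle), mode="r:gz") as tar:
        in_archive = {m.name: m.mode for m in tar.getmembers()}
    dest = tempfile.mkdtemp()
    safe_extract(bundle, dest)
    on_disk = {n: stat.S_IMODE(os.stat(os.path.join(dest, n)).st_mode)
               for n in ("a.txt", "run.sh")}
    return {"in_archive": in_archive, "on_disk": on_disk}


def traversal_rejected() -> bool:
    try:
        safe_extract(traversal_bundle(), tempfile.mkdtemp())
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(roundtrip())
    print("traversal rejected:", traversal_rejected())
```

Normalizing at packaging time is what keeps the bundle reproducible across packagers; the extraction checks are still needed because a bundle may come from someone who did not run this filter.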
**Describe the bug** It appears that the logs returned by `Importer` (from `authentik.blueprints.v1.importer`) now return `LogEvent` objects rather than `dict`, which causes an exception during the handling of failed validation....