Update ghcr.io/warp-tech/warpgate Docker tag to v0.10.2

[renovate[bot]]

This PR contains the following updates:

Package	Update	Change
ghcr.io/warp-tech/warpgate	minor	v0.8.1 -> v0.10.2

---

Release Notes

warp-tech/warpgate (ghcr.io/warp-tech/warpgate)

v0.10.2

Compare Source

Security fixes

CVE-2024-43410 - SSH OOM DoS through malicious packet length

It was possible for an attacker to cause Warpgate to allocate an arbitrary amount of memory by sending a packet with a malformed length field, potentially causing the service to get killed due to excessive RAM usage.

Other fIxes

• c328127: fixed #​941 - unnecessary port number showing up in external URLs

v0.10.1

Compare Source

Fixes

• ed6f68c: fixed #​1017 - fixed broken HTTP proxying
• daacd55: fixed #​972 - ssh: only offer available auth methods after a rejected public key offer

v0.10.0

Compare Source

HTTP

• Added remote_addr to logs #​945 (Néfix Estrada)
• TLS implementation switched to Rustls

SSH

• Made inactivity timeout configurable (#​990) #​990 (Néfix Estrada)
• 5551c33: Switch OOB SSO authentication for SSH to use the instructions instead of the name (#​964) (Shea Smith) #​964
• Bumped russh to v0.44
• 8896bb3: fixed #​961 - added option to allow insecure ssh key exchanges (#​971) #​971

SSO

• 916d51a: Add support for role mappings on custom SSO providers. (#​920) (Skyler Mansfield) #​920
• 75a2b8c: fixed #​929 - support additional trusted OIDC audiences

UI

• 257fb38: Enhance ticket creation api and UI to support ticket expiry (#​957) (Thibaud Lepretre) #​957
• f3dc1ad: Enhance ticket creation api and UI to support ticket number of usage (#​959) (Thibaud Lepretre) #​959

Other changes

• 72236d0: Added options to specify per-protocol external ports (#​973) #​973
• Added arm64 docker image #​930 (Zasda Yusuf Mikail)
• 81cefeb: fixed #​966 - don't actually try to tighten config file permissions unless necessary
• 7e45fa5: migrate from moment to date-fns (#​988) (Konstantin Nosov) #​988
• b65a189: Upgrade TypeScript and Svelte Versions (#​995) (Yachen Mao) #​995

v0.9.1

Compare Source

Security fixes

CVE-2023-48795 - Terrapin Attack [12fdf62]

A flaw in the SSH protocol itself allows an active MitM attacker to prevent the client & server from negotiating OpenSSH security extensions, or, with AsyncSSH, take control of the user's session.

This release adds the support for the kex-strict-*-v00@​openssh.com extensions designed by OpenSSH specifically to prevent this attack.

More info: https://terrapin-attack.com

Changes

• 21d6ab4: make HTTP session timeout and cookie age configurable in the config file (Nicolas SEYS) #​922

v0.9.0

Compare Source

Security fixes

CVE-2023-48712

:warning: Update ASAP.

This vulnerability allows a user to escalate their privileges if the admin account isn't protected by 2FA.

Migration

• If you have a proxy in front of Warpgate setting X-Forwarded-* headers, set http.trust_x_forwarded_for to true in the config file.

Changes

• b0a9130: Add support for trusting X-Forwarded-For header to get client IP (Skyler Mansfield) #​921
• d9af747: Add better support for X-Forward-* headers when constructing external url (Skyler Mansfield) #​921

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.