Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330

Merged
merged 1 commit into from
Nov 24, 2020
Merged

Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests #29330

merged 1 commit into from
Nov 24, 2020

Conversation

wbrowne
Copy link
Member

@wbrowne wbrowne commented Nov 24, 2020

No description provided.

@wbrowne wbrowne added the old backport v7.3.x Mark PR to be automatically backported to v7.3.x label Nov 24, 2020
@wbrowne wbrowne added this to the 7.3.4 milestone Nov 24, 2020
@wbrowne wbrowne requested a review from a team as a code owner November 24, 2020 09:04
@wbrowne wbrowne requested review from kylebrandt and jessabe and removed request for a team November 24, 2020 09:04
@torkelo torkelo changed the title Fix webook Security: Fix minor security issue with alert notification webhooks that allowed GET & DELETE requests Nov 24, 2020
@torkelo torkelo changed the title Security: Fix minor security issue with alert notification webhooks that allowed GET & DELETE requests Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests Nov 24, 2020
bergquist
bergquist approved these changes Nov 24, 2020
View reviewed changes
Copy link
Contributor

@bergquist bergquist left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@torkelo torkelo merged commit d796c61 into master Nov 24, 2020
@torkelo torkelo deleted the webhook-fix branch November 24, 2020 09:42
@grafanabot grafanabot mentioned this pull request Nov 24, 2020
Merged
grafanabot pushed a commit that referenced this pull request Nov 24, 2020
@wbrowne @grafanabot
Security: Fixes minor security issue with alert notification webhooks…
9183990 
… that allowed GET & DELETE requests #29330

(cherry picked from commit d796c61)
torkelo pushed a commit that referenced this pull request Nov 24, 2020
@grafanabot @wbrowne
Security: Fixes minor security issue with alert notification webhooks…
be6425d 
… that allowed GET & DELETE requests #29330 (#29335)

(cherry picked from commit d796c61)

Co-authored-by: Will Browne <wbrowne@users.noreply.github.com>
xlson added a commit to AgnesToulet/grafana that referenced this pull request Nov 24, 2020
@xlson
Merge branch 'master' into config-hidden-users
e94c168 
* master: (71 commits)
  Security: Fixes minor security issue with alert notification webhooks that allowed GET & DELETE requests grafana#29330
  Chore: Bump storybook to v6 (grafana#28926)
  ReleaseNotes: Updates release notes link in package.json (master) (grafana#29329)
  Docs: Accurately reflecting available variables (grafana#29302)
  Heatmap: Fixes issue introduced by new eventbus (grafana#29322)
  Dashboard Schemas (grafana#28793)
  devenv: Add docker load test which authenticates with API key (grafana#28905)
  Login: Fixes redirect url encoding issues of # %23 being unencoded after login (grafana#29299)
  InfluxDB: update flux library and support boolean label values (grafana#29310)
  Explore/Logs: Update Parsed fields to Detected fields (grafana#28881)
  GraphNG: Init refactorings and fixes (grafana#29275)
  fixing a broken relref link (grafana#29312)
  Drone: Upgrade build pipeline tool (grafana#29308)
  decreasing frontend docs threshold. (grafana#29304)
  Docker: update docker root group docs and docker image (grafana#29222)
  WebhookNotifier: Convert tests away from goconvey (grafana#29291)
  Annotations: fixing so when changing annotations query links submenu will be updated. (grafana#28990)
  [graph-ng] add temporal DataFrame alignment/outerJoin & move null-asZero pass inside (grafana#29250)
  Dashboard: Fixes kiosk state after being redirected to login page and back (grafana#29273)
  make it possible to hide change password link in profile menu (grafana#29246)
  ...
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bergquist bergquist bergquist approved these changes

@kylebrandt kylebrandt Awaiting requested review from kylebrandt

@jessabe jessabe Awaiting requested review from jessabe

Assignees
No one assigned
Labels
add to changelog old backport v7.3.x Mark PR to be automatically backported to v7.3.x
Projects
None yet
Milestone
7.3.4
Development

Successfully merging this pull request may close these issues.
3 participants
@wbrowne @bergquist @torkelo