2023.3.2 breaks backups via supervisor API #90400
Comments
|
It's probably due to tightening of security in PR: #89379 |
|
Seems due to the CVE the fix was to disable access to the Supervisor all together. This has left our backup and monitoring system offline. Could it not be possible to fix the authentication issue and allow access to the API again in a more secure manner? |
|
@andriej yes, most probably it is related to that commit, however i wasn't able to figure out if this denied access altogether, or if it can be tweaked to be working again (the supervisor API documentation didn't seem to have changed) @BradleyGeldenhuys the CVE fix came with 2023.3.0: https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/ |
|
Correct, but still an issue since then. |
Could you downgrade to 2023.3.1. ? (edited the version number) |
|
I will let you know. |
|
Tested 2023.3.1 and backups are still working. Updated to 2023.3.2 and get 401Unauthorized |
|
Still an issue with the latest release |
|
Duplicate of #89919 |
|
I guess we are out of luck with this. I have found this thread: https://community.home-assistant.io/t/supervisor-external-api-access/428649/2 I haven't had the time to try it out yet, but I am leaving it here for refernce. |
The problem
Before 2023.3.2 i was able to create and download backups remotely with simple http calls with a Bearer token. This somehow changed 2023.3.2. Now I am getting 401 error for these calls.
What version of Home Assistant Core has the issue?
2023.3.2
What was the last working version of Home Assistant Core?
2023.3.1
What type of installation are you running?
Home Assistant OS
Integration causing the issue
No response
Link to integration documentation on our website
No response
Diagnostics information
No response
Example YAML snippet
No response
Anything in the logs that might be useful for us?
No response
Additional information
No response
The text was updated successfully, but these errors were encountered: