fix: missing chars in authelia server 401 #233
Conversation
|
I am a bot, here are the test results for this PR: |
|
I think there is a mistake. The block you add |
You're absolutely right, thanks for spotting @GeoCookie, does that look better? |
|
I am a bot, here are the test results for this PR: |
|
Related: #213 I can either probably combine this into #213 or we can opt to remove it entirely. Users who don't update authelia should already have this patch from swag, and should realistically update anyway since the CVE notice has long been available. Users setting up a new install of Authelia should be using the latest version, and thus don't need this workaround (which was intended as a temporary one to mitigate issues for users who don't pay attention to security things). As one of the team member I'm more than willing to provide people backported fixes for old versions if they prefer, however we strongly recommend upgrading. |
|
This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
This is being handled by a pending change. Closing. |
4 participants
Description:
This is NOT a security fix. The following addresses a problem with Synology which uses a non-standard char in the DSM application
{}. This alleviates this issue. I don't believe it needs to be fixed in existing configs but I'll leave that up to you.I think another option would be removing this check entirely as the version affected in the original CVE is over a year old at this point. Let me know what you think. I have not expressly checked the change to
50-configbut I suspect that'll be picked up in CI.Benefits of this PR and context:
How Has This Been Tested?
Source / References: