Skip to content

v1.34.0

Choose a tag to compare

@gavinbarron gavinbarron released this 08 Jul 20:03
9d4f80e

Changed

Fixed a path traversal vulnerability where workspace consumer identifiers (clientName/pluginName) and workspace configuration keys were used as filesystem path components without containment validation, allowing a crafted name (e.g. junk/../Victim) to overwrite another consumer's cached OpenAPI description. #7919

Full Changelog: v1.33.0...v1.34.0