v1.9.1

@jtschladen jtschladen released this 28 May 17:19
· 75 commits to main since this release
f478458
  • Fixed authorization bypass (GHSA-qcqw-jwxc-2hqg) where StrictRolePermission and AuthorityCreatorPermission
    granted access to any authenticated user on default Lemur installs. Both LEMUR_STRICT_ROLE_ENFORCEMENT and
    ADMIN_ONLY_AUTHORITY_CREATION now default to True (fail-closed). Existing installs that explicitly set
    either flag to False are unaffected.
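
An added example, not part of the release notes or of Lemur's code: a small audit that reads a Lemur configuration file's source and reports whether each of the two flags ends up enforced or permissive before and after this release. It assumes the configuration is a Python module with top-level assignments and that the pre-1.9.1 default for an unset flag was False (inferred from "now default to True"); the function names and the sample configuration are constructed for illustration.

```python
import ast

# Flag names are taken from the release note above.
FLAGS = ("LEMUR_STRICT_ROLE_ENFORCEMENT", "ADMIN_ONLY_AUTHORITY_CREATION")


def explicit_flags(config_source):
    """Return {flag: value} for flags assigned at module top level."""
    found = {}
    for node in ast.parse(config_source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if isinstance(target, ast.Name) and target.id in FLAGS:
                try:
                    found[target.id] = ast.literal_eval(node.value)
                except ValueError:
                    found[target.id] = None  # computed value: review by hand
    return found


def audit(config_source, patched):
    """Classify each flag as 'enforced', 'permissive' or 'unknown'.

    patched=True models v1.9.1, where an unset flag defaults to True.
    patched=False models the assumed earlier default of False.
    """
    explicit = explicit_flags(config_source)
    report = {}
    for flag in FLAGS:
        if flag not in explicit:
            report[flag] = "enforced" if patched else "permissive"
        elif explicit[flag] is None:
            report[flag] = "unknown"
        else:
            report[flag] = "enforced" if explicit[flag] else "permissive"
    return report


# Constructed sample config: one flag explicitly disabled, the other unset.
SAMPLE = '''
EXAMPLE_UNRELATED_SETTING = "constructed"
ADMIN_ONLY_AUTHORITY_CREATION = False
'''

if __name__ == "__main__":
    for patched in (False, True):
        print("v1.9.1" if patched else "pre-1.9.1", audit(SAMPLE, patched))
```

A flag reported as permissive under `patched=True` is one that was explicitly set to False, so upgrading alone does not change its behaviour.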