-
Notifications
You must be signed in to change notification settings - Fork 1.7k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Document for GitOps 1.10.2 Release Notes
Fixing nitpick
- Loading branch information
1 parent
ecee4e0
commit b7cbf8c
Showing
3 changed files
with
48 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
// Module included in the following assembly: | ||
// | ||
// * release_notes/gitops-release-notes.adoc | ||
|
||
:_mod-docs-content-type: REFERENCE | ||
[id="gitops-release-notes-1-10-2_{context}"] | ||
= Release notes for {gitops-title} 1.10.2 | ||
|
||
{gitops-title} 1.10.2 is now available on {OCP} 4.12, 4.13, and 4.14. | ||
|
||
[id="fixed-issues-1-10-2_{context}"] | ||
== Fixed issues | ||
|
||
The following issue has been resolved in the current release: | ||
|
||
* Before this update, all versions of Argo CD `v2.8.3` and later were vulnerable to cross-server request forgery (CSRF) attacks. As a result, Argo CD would accept non-GET requests even if they did not specify their content type. This update fixes the issue by upgrading the Argo CD to `v.2.8.9` and patching this vulnerability in the Argo CD API. link:https://issues.redhat.com/browse/GITOPS-3922[GITOPS-3922] | ||
+ | ||
[IMPORTANT] | ||
==== | ||
Breaking change: The Argo CD API will no longer accept non-GET requests that do not specify application or JSON as their content type. Although the accepted content types list is configurable, do not disable the content type check completely. | ||
==== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
// Module included in the following assembly: | ||
// | ||
// * release_notes/gitops-release-notes.adoc | ||
|
||
:_mod-docs-content-type: REFERENCE | ||
[id="gitops-release-notes-1-9-4_{context}"] | ||
= Release notes for {gitops-title} 1.9.4 | ||
|
||
{gitops-title} 1.9.4 is now available on {OCP} 4.12, 4.13, and 4.14. | ||
|
||
[id="fixed-issues-1-9-4_{context}"] | ||
== Fixed issues | ||
|
||
The following issue has been resolved in the current release: | ||
|
||
* Before this update, all versions of Argo CD `v2.7.2` and later were vulnerable to cross-server request forgery (CSRF) attacks. As a result, Argo CD would accept non-GET requests even if they did not specify their content type. This update fixes the issue by upgrading the Argo CD to `v.2.7.16` and patching this vulnerability in the Argo CD API. link:https://issues.redhat.com/browse/GITOPS-3921[GITOPS-3921] | ||
+ | ||
[IMPORTANT] | ||
==== | ||
Breaking change: The Argo CD API will no longer accept non-GET requests that do not specify application or JSON as their content type. Although the accepted content types list is configurable, do not disable the content type check completely. | ||
==== |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters