Skip to content

SWIRL Community 4.5.0.7

Latest
Latest

Choose a tag to compare

View all tags
@sid-swirl sid-swirl released this 22 Jun 15:32
· 2 commits to main since this release
v4.5.0.7
ed63f42
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

SWIRL Community 4.5.0.7 — Security Patch
Fixes #1941:

  • OIDC privilege escalation: sign-in no longer provisions superuser/staff accounts, and no longer sets a shared hardcoded password.
  • Cross-user Microsoft token fallback: M365 token lookup is now strictly scoped to the requesting user; removed the fallback that could use another user's credentials.

No schema or dependency changes. Upgrade recommended for any deployment using OIDC sign-in or M365 connectors.

Assets 2
Loading