Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Upgrade jfrog-platform to fix security issue JA-7492 #1851

Closed
ailichev opened this issue Dec 18, 2023 · 1 comment · Fixed by #1853
Closed

Upgrade jfrog-platform to fix security issue JA-7492 #1851

ailichev opened this issue Dec 18, 2023 · 1 comment · Fixed by #1853

Comments

@ailichev
Copy link

Hello.

Will you plan to relase jfrog-platform new version to fix the security issue JA-7492 whereby, interacting with specially crafted URLs could lead to exposure of sensitive information?
The Artifactory release is 7.71.8 (https://jfrog.com/help/r/jfrog-release-information/artifactory-7.71.8-self-hosted). JFrog-platform is still on previous Artifactory release 7.71.5.
@chukka
Copy link
Collaborator

chukka commented Dec 19, 2023
edited
Loading

@ailichev we are planning to release a new jfrog-platform chart in a day or two along with artifactory 7.71.10 patch release .

As a workaround solution , you can still upgrade to latest version of artifactory - 7.71.8 in jfrog-platform chart by passing

  1. this flag --set global.versions.artifactory=7.71.8
    or
  2. using below custom_values.yaml
global:
  versions:
    artifactory: 7.71.8

@chukka chukka mentioned this issue Dec 21, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[jfrog-platform] 10.16.4 release jfrog/charts
2 participants
@ailichev @chukka