Skip to content

v1.5.2
Compare
Choose a tag to compare
@farhatahmad farhatahmad released this 16 May 13:43
· 4 commits to v1.5-stable since this release
v1.5.2
6116ab5
This commit was created on github.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Release notes - Scalelite - Version 1.5.2

Security Fixes:

Important: We removed support for POST requests on join endpoint and also Content-Type headers are now required

In Scalelite v1.5.2 POST requests are no longer allowed for the join endpoint. To ensure they are validated properly, a Content-Type header must also be provided for POST requests that contain data in the request body. Endpoints now support a limited set of content types that includes text/xml, application/xml, application/x-www-form-url-encoded, and multipart/form-data. By default each endpoint only supports application/x-www-form-urlencoded and multipart/form-data, but individual endpoints can override this and define their own set of supported content types. The create endpoint supports all of the four previously listed content types while insertDocument supports only text/xml and application/xml. Any requests with a content type that differs from the set supported by the target endpoint will be rejected with a new unsupportedContentType error.

Notes:

Security advisory will be published not earlier than May 31, 2024: https://github.com/blindsidenetworks/scalelite/security/advisories/GHSA-p3q9-qff5-97p7

Release tested by contributors [ @farhatahmad ] composer deployment

Contributors

farhatahmad
Assets 2
Loading