24.0.2
What's Changed
Upstream Patches
- Fix failing bulk launch job due to create partition race
- Add restart for websocket
- Avoid race conditions when removing multiple instances
- Only refresh session if updating own password
- Wrap preload data in a transaction
- Fix error "Min value should be Decimal"
- Fix: catch correct exception when parsing filter
- Fix SAMLAuth backend to correctly return social auth pipeline results
Security Fixes
- Updated python dependencies to resolve multiple CVEs.
These CVEs were filed against the underlying packages we depend on, not against Ascender itself. For several of them, we did not use the affected code at all. We resolved them nevertheless, because they would still be reported by any vulnerability scan of the container in your environment.
aiohttp - CVE-2024-42367
cryptography - CVE-2023-50782
cryptography - CVE-2024-26130
cryptography - CVE-2024-0727
cryptography - GHSA-h4gh-qq45-vh27
django - CVE-2024-45231
django - CVE-2024-45230
django - CVE-2024-39329
django - CVE-2024-38875
django - CVE-2024-39330
django - CVE-2024-39614
django - CVE-2024-27351
djangorestframework - CVE-2024-21520
dompurify - CVE-2024-45801
idna - CVE-2024-3651
jinja2 - CVE-2024-34064
jwcrypto - CVE-2023-6681
jwcrypto - CVE-2024-28102
pydantic - CVE-2024-3772
resolve - CVE-2024-35195
social-auth-app-django - CVE-2024-32879
sqlparse - CVE-2024-4340
twisted - CVE-2024-41671
twisted - CVE-2024-41810
urllib3 - CVE-2023-45803
urllib3 - CVE-2024-37891
uwsgi - CVE-2023-27522
zipp - CVE-2024-5569
- Updated NPM packages to resolve multiple CVEs
axios - CVE-2024-39338
braces - CVE-2024-4068
debug - CVE-2017-16137
micromatch - CVE-2024-4067
webpack - CVE-2024-43788
ws - CVE-2024-37890
(... and many more)