mirror of
https://github.com/pgadmin-org/pgadmin4.git
synced 2024-11-25 02:00:19 -06:00
Fixed a security issue where the OAuth2 client ID and secret exposed through the web browser (CVE-2024-9014). #7945
parent
1f53baee8f
commit
a0aa185518
@ -2,7 +2,7 @@
|
|||||||
Version 8.12
|
Version 8.12
|
||||||
************
|
************
|
||||||
|
|
||||||
Release date: 2024-09-19
|
Release date: 2024-09-23
|
||||||
|
|
||||||
This release contains a number of bug fixes and new features since the release of pgAdmin 4 v8.11.
|
This release contains a number of bug fixes and new features since the release of pgAdmin 4 v8.11.
|
||||||
|
|
||||||
@ -39,4 +39,5 @@ Bug fixes
|
|||||||
| `Issue #7839 <https://github.com/pgadmin-org/pgadmin4/issues/7839>`_ - Added support for OIDC based OAuth2 authentication.
|
| `Issue #7839 <https://github.com/pgadmin-org/pgadmin4/issues/7839>`_ - Added support for OIDC based OAuth2 authentication.
|
||||||
| `Issue #7878 <https://github.com/pgadmin-org/pgadmin4/issues/7878>`_ - Fixed an issue where cursor moves to end of line when editing input fields.
|
| `Issue #7878 <https://github.com/pgadmin-org/pgadmin4/issues/7878>`_ - Fixed an issue where cursor moves to end of line when editing input fields.
|
||||||
| `Issue #7890 <https://github.com/pgadmin-org/pgadmin4/issues/7890>`_ - Fixed an issue where "Quit App" confirmation modal in desktop app is not respecting "Confirm on close or refresh?".
|
| `Issue #7890 <https://github.com/pgadmin-org/pgadmin4/issues/7890>`_ - Fixed an issue where "Quit App" confirmation modal in desktop app is not respecting "Confirm on close or refresh?".
|
||||||
| `Issue #7895 <https://github.com/pgadmin-org/pgadmin4/issues/7895>`_ - Fixed an issue where different client backend shows all SQL are same.
|
| `Issue #7895 <https://github.com/pgadmin-org/pgadmin4/issues/7895>`_ - Fixed an issue where different client backend shows all SQL are same.
|
||||||
|
| `Issue #7945 <https://github.com/pgadmin-org/pgadmin4/issues/7945>`_ - Fixed a security issue where the OAuth2 client ID and secret exposed through the web browser (CVE-2024-9014).
|
@ -4,6 +4,15 @@
|
|||||||
{% for key, lang in config.LANGUAGES.items() %}
|
{% for key, lang in config.LANGUAGES.items() %}
|
||||||
{% set _ = ns.langOptions.append({'value': key, 'label': lang}) %}
|
{% set _ = ns.langOptions.append({'value': key, 'label': lang}) %}
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
{% set oauth2_config = [] %}
|
||||||
|
{% for i in config.OAUTH2_CONFIG %}
|
||||||
|
{% set _tmp = oauth2_config.append({'OAUTH2_NAME': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_NAME'],
|
||||||
|
'OAUTH2_BUTTON_COLOR': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_BUTTON_COLOR'],
|
||||||
|
'OAUTH2_DISPLAY_NAME': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_DISPLAY_NAME'],
|
||||||
|
'OAUTH2_ICON': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_ICON']
|
||||||
|
}) %}
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
{% set page_props = {
|
{% set page_props = {
|
||||||
'userLanguage': user_language,
|
'userLanguage': user_language,
|
||||||
'langOptions': ns.langOptions,
|
'langOptions': ns.langOptions,
|
||||||
@ -15,7 +24,7 @@
|
|||||||
'OAUTH2': config.OAUTH2,
|
'OAUTH2': config.OAUTH2,
|
||||||
'KERBEROS': config.KERBEROS,
|
'KERBEROS': config.KERBEROS,
|
||||||
},
|
},
|
||||||
'oauth2Config': config.OAUTH2_CONFIG,
|
'oauth2Config': oauth2_config,
|
||||||
'loginBanner': config.LOGIN_BANNER|safe
|
'loginBanner': config.LOGIN_BANNER|safe
|
||||||
} %}
|
} %}
|
||||||
{% extends "security/render_page.html" %}
|
{% extends "security/render_page.html" %}
|
||||||
|
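Review bot: The new `{% for i in config.OAUTH2_CONFIG %}` loop never uses `i` and instead re-indexes `config.OAUTH2_CONFIG[loop.index-1]` for each of the four fields, which is harder to audit than `'OAUTH2_NAME': i['OAUTH2_NAME']` and so on. Because this list is the only filter between the server-side provider settings and `page_props`, it deserves a template comment such as `{# Allowlist of display-only fields sent to the browser; never pass config.OAUTH2_CONFIG itself, it carries the client ID and secret. #}`. The subscripts also assume every provider entry defines all four keys; if `OAUTH2_ICON` or `OAUTH2_BUTTON_COLOR` can be omitted, how the resulting undefined value is serialized is not visible here and should be confirmed. A regression test asserting that the rendered login page contains no client secret would stop the exposure from coming back when a new field is added. The template continues outside both hunks.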