Fixed a security issue where the OAuth2 client ID and secret exposed through the web browser (CVE-2024-9014). #7945

This commit is contained in:
Khushboo Vashi 2024-09-20 08:44:38 +05:30 committed by Akshay Joshi
parent 1f53baee8f
commit a0aa185518
2 changed files with 13 additions and 3 deletions

View File

@ -2,7 +2,7 @@
Version 8.12 Version 8.12
************ ************
Release date: 2024-09-19 Release date: 2024-09-23
This release contains a number of bug fixes and new features since the release of pgAdmin 4 v8.11. This release contains a number of bug fixes and new features since the release of pgAdmin 4 v8.11.
@ -39,4 +39,5 @@ Bug fixes
| `Issue #7839 <https://github.com/pgadmin-org/pgadmin4/issues/7839>`_ - Added support for OIDC based OAuth2 authentication. | `Issue #7839 <https://github.com/pgadmin-org/pgadmin4/issues/7839>`_ - Added support for OIDC based OAuth2 authentication.
| `Issue #7878 <https://github.com/pgadmin-org/pgadmin4/issues/7878>`_ - Fixed an issue where cursor moves to end of line when editing input fields. | `Issue #7878 <https://github.com/pgadmin-org/pgadmin4/issues/7878>`_ - Fixed an issue where cursor moves to end of line when editing input fields.
| `Issue #7890 <https://github.com/pgadmin-org/pgadmin4/issues/7890>`_ - Fixed an issue where "Quit App" confirmation modal in desktop app is not respecting "Confirm on close or refresh?". | `Issue #7890 <https://github.com/pgadmin-org/pgadmin4/issues/7890>`_ - Fixed an issue where "Quit App" confirmation modal in desktop app is not respecting "Confirm on close or refresh?".
| `Issue #7895 <https://github.com/pgadmin-org/pgadmin4/issues/7895>`_ - Fixed an issue where different client backend shows all SQL are same. | `Issue #7895 <https://github.com/pgadmin-org/pgadmin4/issues/7895>`_ - Fixed an issue where different client backend shows all SQL are same.
| `Issue #7945 <https://github.com/pgadmin-org/pgadmin4/issues/7945>`_ - Fixed a security issue where the OAuth2 client ID and secret exposed through the web browser (CVE-2024-9014).

View File

@ -4,6 +4,15 @@
{% for key, lang in config.LANGUAGES.items() %} {% for key, lang in config.LANGUAGES.items() %}
{% set _ = ns.langOptions.append({'value': key, 'label': lang}) %} {% set _ = ns.langOptions.append({'value': key, 'label': lang}) %}
{% endfor %} {% endfor %}
{% set oauth2_config = [] %}
{% for i in config.OAUTH2_CONFIG %}
{% set _tmp = oauth2_config.append({'OAUTH2_NAME': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_NAME'],
'OAUTH2_BUTTON_COLOR': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_BUTTON_COLOR'],
'OAUTH2_DISPLAY_NAME': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_DISPLAY_NAME'],
'OAUTH2_ICON': config.OAUTH2_CONFIG[loop.index-1]['OAUTH2_ICON']
}) %}
{% endfor %}
{% set page_props = { {% set page_props = {
'userLanguage': user_language, 'userLanguage': user_language,
'langOptions': ns.langOptions, 'langOptions': ns.langOptions,
@ -15,7 +24,7 @@
'OAUTH2': config.OAUTH2, 'OAUTH2': config.OAUTH2,
'KERBEROS': config.KERBEROS, 'KERBEROS': config.KERBEROS,
}, },
'oauth2Config': config.OAUTH2_CONFIG, 'oauth2Config': oauth2_config,
'loginBanner': config.LOGIN_BANNER|safe 'loginBanner': config.LOGIN_BANNER|safe
} %} } %}
{% extends "security/render_page.html" %} {% extends "security/render_page.html" %}