Skip to content

Release 13.3.5#30832

Merged
camscale merged 4 commits intobranch/v13from
release/13.3.5
Aug 23, 2023
Merged

Release 13.3.5#30832
camscale merged 4 commits intobranch/v13from
release/13.3.5

Conversation

@camscale
Copy link
Copy Markdown
Contributor

@camscale camscale commented Aug 22, 2023
edited
Loading

  • Fixed a bug in teleport-cluster Helm chart causing Teleport to crash when AWS DynamoDB autoscaling is enabled. #30841
  • Added Teleport Assist to Web Terminal. #30811
  • Fixed S3 metric name for completed multipart uploads. #30710
  • Added the ability for tsh to register and enroll the --current-device. #30702
  • Fixed Review Requests to disallow reviews after request is resolved. #30690
  • Ensure that SSH session errors are reported to the terminal. #30684
  • Fixed an issue with tsh aws ssm start-session. #30668
  • Fixed an issue with the access request failing with invalid maxDuration. teleport.e#2037

Security fix

  • Security improvements with possible medium severity DoS conditions through protocol level attacks. #30854

@github-actions github-actions Bot requested review from rosstimothy and zmb3 August 22, 2023 10:20
zmb3
zmb3 reviewed Aug 22, 2023
View reviewed changes
Comment thread CHANGELOG.md Outdated
Copy link
Copy Markdown
Collaborator

@zmb3 zmb3 Aug 22, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@greedy52 can you suggest a better description than "fixed an issue" here?

Copy link
Copy Markdown
Contributor

@greedy52 greedy52 Aug 22, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It didn't work before. Maybe?

  • Fixed an issue tsh aws ssm start-session fails with an error

Copy link
Copy Markdown
Contributor Author

@camscale camscale Aug 22, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to figure out a better description for this one but I didn't know how to describe "endpoint URL mode" concisely and usefully.

Comment thread CHANGELOG.md Outdated
Comment thread CHANGELOG.md Outdated
jakule
jakule reviewed Aug 22, 2023
View reviewed changes
Comment thread CHANGELOG.md Outdated
@jentfoo jentfoo mentioned this pull request Aug 22, 2023
Merged
@zmb3
Copy link
Copy Markdown
Collaborator

zmb3 commented Aug 22, 2023
edited
Loading

@jentfoo did you purposely push changes to this branch? In most cases, the release commit only updates versions and the changelog. Is there any reason your fuzzing changes can't be backported in the typical manner?

Edit: I see this was the TODO that was marked for you. All good, just confused me for a minute :-) It will be a little confusing that this change is hidden in a "Release X.Y.Z" commit instead of it's own commit with a descriptive message though..

@jentfoo
Copy link
Copy Markdown
Contributor

jentfoo commented Aug 22, 2023

@zmb3 It's a late inclusion, from discussions with @camscale and @r0mant we thought this would be easiest

jentfoo
jentfoo reviewed Aug 22, 2023
View reviewed changes
Comment thread CHANGELOG.md Outdated
jakule
jakule reviewed Aug 22, 2023
View reviewed changes
Comment thread CHANGELOG.md Outdated
camscale and others added 3 commits August 23, 2023 11:37
@camscale
Release 13.3.5
b4efc61
@jentfoo @camscale
MFA Fuzzing and Json Unmarshal Panic fix
0e8a779 
This expands the coverage of fuzzing in `lib/web/fuzz_test.go` and includes adding seeds.
From this work a new panic was discovered where a pointer is allocated then a pointer to the pointer is passed into json.Unmarshal.  It is then possible for this original pointer to remain a `nil` reference.

This pattern looks unexpected, so all cases of double pointers being passed into json.Unmarshal were changed to the more standard empty struct pointer style to avoid potential nil reference panics.
@camscale
Reword changelog entries, add security fix changelog
c5e5e89
@camscale camscale added this pull request to the merge queue Aug 23, 2023
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Aug 23, 2023
@camscale camscale added this pull request to the merge queue Aug 23, 2023
Merged via the queue into branch/v13 with commit 6d48de6 Aug 23, 2023
@camscale camscale deleted the release/13.3.5 branch August 23, 2023 02:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@zmb3 zmb3 zmb3 left review comments

@greedy52 greedy52 greedy52 left review comments

@r0mant r0mant r0mant approved these changes

@rosstimothy rosstimothy Awaiting requested review from rosstimothy

+2 more reviewers

@jakule jakule jakule left review comments

@jentfoo jentfoo jentfoo approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

backport helm size/sm

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@camscale @zmb3 @jentfoo @r0mant @greedy52 @jakule