Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Backport of auto-config: relax node name validation for JWT authorization into release/1.14.x #15372

Merged
merged 2 commits into from
Nov 15, 2022
Merged

Backport of auto-config: relax node name validation for JWT authorization into release/1.14.x #15372

merged 2 commits into from
Nov 15, 2022

Conversation

hc-github-team-consul-core
Copy link
Collaborator

Backport

This PR is auto-generated from #15370 to be assessed for backporting due to the inclusion of the label backport/1.14.

The below text is copied from the body of the original PR.

This changes the JWT authorization logic to allow all non-whitespace, non-quote characters when validating node names. Consul had previously allowed these characters in node names, until this validation was added to fix a security vulnerability with whitespace/quotes being passed to the bexpr library. This unintentionally broke node names with characters like . which aren't related to this vulnerability. This PR also adds a warning on agent startup if an invalid character is present in the node name (at some point we can consider changing this to a hard error).

Overview of commits

@hc-github-team-consul-core hc-github-team-consul-core requested a review from a team as a code owner November 15, 2022 00:25
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/auto-config-node-validation/firmly-desired-wombat branch from c96a161 to 3be9472 Compare November 15, 2022 00:25
@hc-github-team-consul-core hc-github-team-consul-core merged commit d9d0d92 into release/1.14.x Nov 15, 2022
@hc-github-team-consul-core hc-github-team-consul-core force-pushed the backport/auto-config-node-validation/firmly-desired-wombat branch from ca2b4b8 to 58e18de Compare November 15, 2022 00:25
@hc-github-team-consul-core hc-github-team-consul-core deleted the backport/auto-config-node-validation/firmly-desired-wombat branch November 15, 2022 00:25
@github-actions github-actions bot added theme/config Relating to Consul Agent configuration, including reloading type/docs Documentation needs to be created/updated/clarified labels Nov 15, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
theme/config Relating to Consul Agent configuration, including reloading type/docs Documentation needs to be created/updated/clarified
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@hc-github-team-consul-core @kyhavlov