artifacthub helm/harbor/harbor 1.9.3
v1.9.3
on Artifact Hub

latest releases: 1.12.6, 1.13.4, 1.14.2...
22 months ago

Resolved Issues

  • Full list of issues fixed in v1.9.3

  • Fix security issue: a user with Project-Admin capabilities can utilize and exploit SQL Injection to read secrets from the underlying database or conduct privilege escalation.
    GHSA-qcfv-8v29-469w

  • Fix security issue: An authenticated administrator can send a specially crafted SQL payload through the GET parameter sort, allowing the extraction of sensitive information from the database.
    GHSA-rh89-vvrg-fg64

  • Fix security issue: a normal user to gain administrator account privileges by making an API call to modify the email address of a specific user
    GHSA-3868-7c5x-4827

  • Fix security issue: Non-administrator users (such as those created via self-registration) can list all usernames and user IDs by sending a GET request to /api/users/search with no parameters
    GHSA-6qj9-33j4-rvhg

  • Fix security issue: without protection against Cross-Site Request Forgery (CSRF), an attacker can execute any action on the platform in the context of the currently authenticated victim
    GHSA-gcqm-v682-ccw6

Known Issues:

  • Migrating to 1.9 can take a few minutes before API is callable. This is due to the implementation of quotas. #8935
  • Replication does not work between a Harbor instance of a previous version and a Harbor 1.9.0 instance and is not supported by Harbor team. #8673
Check out latest releases or
releases around helm/harbor/harbor 1.9.3

Don't miss a new harbor release

NewReleases is sending notifications on new releases.

Get notifications