Security Advisory
- CVE-2026-23990 - Web UI Impersonation Bypass via Empty OIDC Claims
What's Changed
- ci: Set `GITHUB_TOKEN` to avoid rate limits in tests by @stefanprodan in #603
- operator: introduce support for looking up GH app installation ID by @matheuscscp in #601
- docs: fix YAML formatting for web SSO guides by @matheuscscp in #604
- web: strict validation for RBAC impersonation by @matheuscscp in #610
- web: return provider info for auth debugging by @matheuscscp in #611
- web: add user profile page with identity information by @stefanprodan in #615
- web: add faster polling when actions are in flight by @stefanprodan in #616
- web: track the user who suspended a resource by @stefanprodan in #617
- Release v0.40.0 by @stefanprodan in #619
Full Changelog: v0.39.0...v0.40.0