This is a security release of Lagoon! Learn more at #1646 about the vulnerability
As this is a security release that has already been applied to production clusters, and v1.3.0 is due out in the next week, no base images have been published to docker hub for this release.
Full list of changes by subsystem
API & Authentication:
- Protect auth-server with admin token ea7b2c4 (reported by @smlx fixed by @rocketeerbkw)
- Create jwt token inside ssh service via bash instead of npm 9aa9076 20a821b (@Schnitzel @rocketeerbkw)
Build & Deploy:
- Remove unused parameters that also caused build to fail 928f2b7 (@Schnitzel)
Testing and Local Development:
- Implement SKIP_IMAGE_PUBLISH cbe2073 (@Schnitzel)
Release Video:
https://www.youtube.com/watch?v=I5cYgRnfFDA
Alternative Release Names:
- MultiPass
- These are not the tokens you’re looking for
- Just When You Thought We Couldn’t Get Any More Parallel Branches, We Go And Pull A Stunt Like This
- The one where we discovered a vulnerability, patched and released in 24 hours, all on a Friday