Security fixes
GHSA-rj86-hm3r-c275
- Verify SSO state parameter in #1891
This vulnerability allowed an authorized Warpgate user A to share their SSO return link with another authorized Warpgate user B, potentially misleading B into getting logged in as A and subsequently sharing confidential information through user A's session.
Fixes
Full Changelog: v0.23.2...v0.23.3
What's Changed
- Verify state parameter by @Eugeny in #1891
- fix #1883 - re-normalize options.auth field for database targets by @Eugeny in #1892
Full Changelog: v0.23.2...v0.23.3