From fdbdab2bc6dbefba21ea249aa3d6c10b93cd1439 Mon Sep 17 00:00:00 2001 From: "Community Hass.io Add-ons Bot" Date: Mon, 17 Dec 2018 20:46:16 +0000 Subject: [PATCH] :tada: Release of add-on InfluxDB 1.2.1 --- README.md | 6 +++--- influxdb/CHANGELOG.md | 36 +++++++++++++++++++++--------------- influxdb/README.md | 6 +++--- influxdb/config.json | 2 +- 4 files changed, 28 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 7787c1ff..e5f26bc1 100644 --- a/README.md +++ b/README.md @@ -602,10 +602,10 @@ SOFTWARE. [ide-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg [ide-armhf-shield]: https://img.shields.io/badge/armhf-yes-green.svg [ide-i386-shield]: https://img.shields.io/badge/i386-yes-green.svg -[addon-influxdb]: https://github.com/hassio-addons/addon-influxdb/tree/v1.2.0 -[addon-doc-influxdb]: https://github.com/hassio-addons/addon-influxdb/blob/v1.2.0/README.md +[addon-influxdb]: https://github.com/hassio-addons/addon-influxdb/tree/v1.2.1 +[addon-doc-influxdb]: https://github.com/hassio-addons/addon-influxdb/blob/v1.2.1/README.md [influxdb-issue]: https://github.com/hassio-addons/addon-influxdb/issues -[influxdb-version-shield]: https://img.shields.io/badge/version-v1.2.0-blue.svg +[influxdb-version-shield]: https://img.shields.io/badge/version-v1.2.1-blue.svg [influxdb-pulls-shield]: https://img.shields.io/docker/pulls/hassioaddons/influxdb-armhf.svg [influxdb-aarch64-shield]: https://img.shields.io/badge/aarch64-yes-green.svg [influxdb-amd64-shield]: https://img.shields.io/badge/amd64-yes-green.svg diff --git a/influxdb/CHANGELOG.md b/influxdb/CHANGELOG.md index 87cb02e9..148c069c 100644 --- a/influxdb/CHANGELOG.md +++ b/influxdb/CHANGELOG.md @@ -1,20 +1,26 @@ +This version contains an important security fix, and it is **strongly recommend** for ALL installations to be upgraded to this version **immediately**. + +### Bypass of Authentication + +The authentication against Home Assistant can be bypassed by an anonymous and unauthorized user. The issue has been mitigated in the latest release. + +To be clear on the subject: This is an add-on issue and not an issue with the Home Assistant authentication itself. + +Exact details of the vulnerability are not disclosed in order to give our users the time to upgrade. + +Thanks to Lars Larsson (@larsla) for responsibly reporting this vulnerability. + +### Versions Affected + +Affects only the latest release that added support for authentication against Home Assistant, add-on versions v1.2.0. Older releases are not affected. + [Full Changelog][changelog] -This release upgrades a lot (including InfluxDB), fixes a couple of issues with timing between starting all the services and adds authentication against Home Assistant! - -From this point on, you can log in, into the web interface, using your Home Assistant frontend username and password. - ### Changed -- Upgrades InfluxDB to v1.7.0 -- Upgrades Chronograf to v1.7.1 -- Give InfluxDB more time to start, before init script -- Makes Chronograf wait until InfluxDB is started -- Makes Kapacitor wait until InfluxDB is started -- Removes ipv6 configuration option -- Upgrades nginx to 1.14.0-0ubuntu1.2 -- Adds support for the authentication against Home Assistant -- Limit supported machines (#12) (@HoppingMonk) -- Updates documentation for HA Auth +- Upgrades InfluxDB to 1.7.2 +- Upgrades Chronograf to 1.7.5 +- Upgrades Kapacitor to 1.5.2 +- Fixes authentication bypass vulnerability -[changelog]: https://github.com/hassio-addons/addon-influxdb/compare/v1.1.1...v1.2.0 \ No newline at end of file +[changelog]: https://github.com/hassio-addons/addon-influxdb/compare/v1.2.0...v1.2.1 \ No newline at end of file diff --git a/influxdb/README.md b/influxdb/README.md index d6fbe0d0..72880557 100644 --- a/influxdb/README.md +++ b/influxdb/README.md @@ -46,13 +46,13 @@ If you are more interested in stable releases of our add-ons: [buymeacoffee]: https://www.buymeacoffee.com/frenck [discord-shield]: https://img.shields.io/discord/478094546522079232.svg [discord]: https://discord.me/hassioaddons -[docs]: https://github.com/hassio-addons/addon-influxdb/blob/v1.2.0/README.md +[docs]: https://github.com/hassio-addons/addon-influxdb/blob/v1.2.1/README.md [forum-shield]: https://img.shields.io/badge/community-forum-brightgreen.svg [forum]: https://community.home-assistant.io/t/community-hass-io-add-on-influxdb/54491?u=frenck [maintenance-shield]: https://img.shields.io/maintenance/yes/2018.svg [patreon-shield]: https://www.frenck.nl/images/patreon.png [patreon]: https://www.patreon.com/frenck [project-stage-shield]: https://img.shields.io/badge/project%20stage-production%20ready-brightgreen.svg -[release-shield]: https://img.shields.io/badge/version-v1.2.0-blue.svg -[release]: https://github.com/hassio-addons/addon-influxdb/tree/v1.2.0 +[release-shield]: https://img.shields.io/badge/version-v1.2.1-blue.svg +[release]: https://github.com/hassio-addons/addon-influxdb/tree/v1.2.1 [screenshot]: https://github.com/hassio-addons/addon-influxdb/raw/master/images/screenshot.png \ No newline at end of file diff --git a/influxdb/config.json b/influxdb/config.json index 88d9bb96..87b7523f 100644 --- a/influxdb/config.json +++ b/influxdb/config.json @@ -1,6 +1,6 @@ { "name": "InfluxDB", - "version": "1.2.0", + "version": "1.2.1", "slug": "influxdb", "description": "Scalable datastore for metrics, events, and real-time analytics", "url": "https://community.home-assistant.io/t/community-hass-io-add-on-influxdb/54491?u=frenck",