From cbe7c1833d1422a81a7908d5b64fac2cd7b32897 Mon Sep 17 00:00:00 2001 From: Maximilian Wesener Date: Mon, 18 Sep 2023 16:04:22 +0200 Subject: [PATCH 1/2] chore: TRACEFOSS-XXX release --- CHANGELOG.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index aa1ad04926..a62d1831b1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,6 +7,9 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] ### Added +## [7.0.0] +### Added + - OAuth2 client credentials rest template interceptor - Configuration for left and right policies to use registry client library - Add support for JustInSequence aspect model 
@@ -58,6 +61,25 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), - Upgraded snakeyaml from 2.0 to 2.2 - Upgraded docker/login-action from 2 to 3 - Upgraded cypress-io/github-action 6.0.0 to 6.5.0 +- +### Known knowns + +- Backend [TRACEFOSS-1458]: AdminView: No validation of BPN for BPN EDC URL mapping +- Backend [TRACEFOSS-589]: Backend API access without login returns incorrect HTTP status code (500 instead of 401) +- Backend [TRACEFOSS-2148]: Endpoints for parts and notifications returns unsorted list +--- +- Frontend [TRACEFOSS-2149]: Sorting on empty table causes unhandled error view +--- +- Security [TRACEFOSS-829]: CVE Strict-Transport-Security header - The HSTS Warning and Error may allow attackers to bypass HSTS +- Security [TRACEFOSS-830]: CVE one stack trace disclosure (Java) in the target web server's HTTP response +- Security [TRACEFOSS-919]: Authorization Bypass Through User-Controlled SQL Primary Key CWE ID 566 +- Security [TRACEFOSS-984]: Improper Output Neutralization for Logs CWE ID 117 +- Security [TRACEFOSS-1313]: Using components with known vulnerabilities +- Security [TRACEFOSS-1314]: Open Redirect - host header injection +- Security [TRACEFOSS-1315]: No additional authentication component (MFA) during login process +--- +- Environment [TRACEFOSS-2164]: HTTP Requests for syncing the submodel server inoperable~~ + ### Removed From 4715af0172af72005e8287e50f6a4e46a6842009 Mon Sep 17 00:00:00 2001 From: Maximilian Wesener Date: Mon, 18 Sep 2023 16:05:14 +0200 Subject: [PATCH 2/2] chore: TRACEFOSS-XXX release --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a62d1831b1..ef096da958 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,7 +7,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), ## [Unreleased] ### Added -## [7.0.0] +## [7.0.0 - 18.09.2023] ### Added - OAuth2 client credentials rest template interceptor
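Review bot: In the first hunk of PATCH 1/2 (`@@ -7,6 +7,9 @@`), the new `## [7.0.0]` heading is added directly beneath the existing `### Added` of `## [Unreleased]`, which leaves the Unreleased section with an empty `### Added` subsection and no blank line before the release heading. Either drop the empty `### Added` under `## [Unreleased]` or put a blank line after it, so that the entries that follow clearly belong to 7.0.0 and not to Unreleased.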
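Review bot: In the second hunk of PATCH 1/2 (`@@ -58,6 +61,25 @@`), the Security entries under `### Known knowns` name a weakness class but give no status, affected component or workaround, and TRACEFOSS-829 and TRACEFOSS-830 are labelled "CVE" without a CVE identifier. Someone deploying 7.0.0 cannot tell from these lines how exposed they are, so I suggest adding a short status or mitigation to each Security entry and either supplying the CVE id or dropping the "CVE" label. The hunk also has formatting leftovers: a lone `-` bullet before `### Known knowns`, a trailing `~~` on the TRACEFOSS-2164 line with no opening marker, and `---` rules between the list groups. Remove the empty bullet and the `~~`, and consider sub-headings or plain blank lines in place of the rules.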
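Review bot: In PATCH 2/2 (`@@ -7,7 +7,7 @@`), the release date is placed inside the brackets as `## [7.0.0 - 18.09.2023]`, so the bracketed label is no longer just the version and the date is in DD.MM.YYYY form. The Keep a Changelog format that this file says it follows puts the date outside the brackets in ISO 8601 form, so I suggest `## [7.0.0] - 2023-09-18`, which also keeps `[7.0.0]` usable as a link reference label.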