public/grafana
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[v8.5.x] Chore: Release 8.5.14 (#56698)

Browse Source 
* remove support for v1

(cherry picked from commit 8630a7a991af74edc4030f57d37a4bc263202fde)

* Security: Make proxy endpoints not leak sensitive HTTP headers

Fixes CVE-2022-31130

(cherry picked from commit 2974574a53ab6d26be7b706e76271173a91fea3a)

* Security: Fix do not forward login cookie in outgoing requests

(cherry picked from commit 54a32fc83b233f5910495b5fcca0b4f881221538)

* Add test for username/login field conflict

(cherry picked from commit 7aabcf2694)

* Swap order of login fields

(cherry picked from commit 5ec176cada)

* "Release: Updated versions in package to 8.5.14" (#547)

Co-authored-by: Will Browne <will.browne@grafana.com>
Co-authored-by: Marcus Efraimsson <marcus.efraimsson@gmail.com>
Co-authored-by: linoman <2051016+linoman@users.noreply.github.com>
Co-authored-by: Grot (@grafanabot) <43478413+grafanabot@users.noreply.github.com>
This commit is contained in:
Sofia Papagiannaki
2022-10-11 15:25:10 +03:00
committed by GitHub
parent 811b6c06b0
commit 58b7ae14ce
30 changed files with 260 additions and 86 deletions
Download Patch File Download Diff File Expand all files Collapse all files
pkg/api/pluginproxy/ds_proxy.go
+1 -1
View File
@@ -214,7 +214,7 @@ func (proxy *DataSourceProxy) director(req *http.Request) {
}
}
proxyutil.ClearCookieHeader(req, keepCookieNames)
proxyutil.ClearCookieHeader(req, keepCookieNames, []string{proxy.cfg.LoginCookieName})
req.Header.Set("User-Agent", fmt.Sprintf("Grafana/%s", setting.BuildVersion))
jsonData := make(map[string]interface{})