Released November 9, 2022
Features/Highlighted Changes
pScheduler Fixes
- Fixed issue where pScheduler server would look at HTTP request header when determining the local address during participant discovery. (Fixes CVE-2022-45027.)
- Removed the ability to use the “parse” option with
file://
URLs. (Fixes CVE-2022-45213.)
Graphs Fixes
- The JavaScript frontend will now enforce the URL whitelist in graphs.json. This matches the current behavior of the backend CGI scripts.
Raw changes
Updated components: