Released November 9, 2022

Features/Highlighted Changes

pScheduler Fixes

  • Fixed issue where pScheduler server would look at HTTP request header when determining the local address during participant discovery. (Fixes CVE-2022-45027.)
  • Removed the ability to use the “parse” option with file:// URLs. (Fixes CVE-2022-45213.)

Graphs Fixes

  • The JavaScript frontend will now enforce the URL whitelist in graphs.json. This matches the current behavior of the backend CGI scripts.

Raw changes

Updated components: