Tekton Dashboard and Webhooks Extension security release v0.6.1.4
This is another security patch - we figured it'd be quite difficult to do on top of v0.6.1.3 but @AlanGreene proved us wrong π
This should be the last for a while!
Tekton Pipelines 0.12, 0.11, and Triggers 0.4 are supported. Note that this release involves the CSRF secure cookie for the first time. If you see invalid CSRF token messages, make sure the flag is true and you're accessing the Dashboard through a secure endpoint over TLS (typically a Route on OpenShift, or Ingress). If you're looking to port-forward to access the Dashboard from, say, an npm run start, the setting must be false.
Let us know if you do find any issues either way, thanks
Credits
- @a-roberts π»
- @AlanGreene π»
- @Megan-Wright π»