- 21 Jul, 2023 1 commit

Committed by ItalyPaleAle

The APITokenAuthMiddleware allowed bypassing the check if the path included `/healthz`. An attacker only needed to include `/healthz` in the URL, even the querystring, to bypass the API token check, for example `/v1.0/invoke/myapp/method/something?foo=/healthz`.

Additionally, this was not checking the method of the request, so requests to `POST /healthz` would cause a service invocation to happen.

This fixes the issue by making the check a lot more strict. The API token check can be bypassed only if:

  - The path is exactly `/v1.0/healthz` or `/v1.0/healthz/outbound` (slashes are trimmed on each side)
  - The method is `GET`

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
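
The rule this commit message describes, as an added Go illustration that is not Dapr's own code: `looseExempt` models the pre-fix behaviour as a substring match on the request URI, and `strictExempt` models the exact-path, GET-only rule. The function names, the token value and the use of `net/http` are assumptions of this example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// looseExempt models the pre-fix behaviour described in the commit message:
// any request whose URI (path or query string) contains "/healthz" is exempt.
func looseExempt(r *http.Request) bool {
	return strings.Contains(r.URL.RequestURI(), "/healthz")
}

// strictExempt models the fixed rule: GET only, and the path with slashes
// trimmed on each side must be exactly one of the two health endpoints.
func strictExempt(r *http.Request) bool {
	p := strings.Trim(r.URL.Path, "/")
	return r.Method == http.MethodGet && (p == "v1.0/healthz" || p == "v1.0/healthz/outbound")
}

// requireToken enforces the API token unless exempt(r) is true.
// The token value passed in by status() is constructed for this example.
func requireToken(exempt func(*http.Request) bool, token string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !exempt(r) && r.Header.Get("dapr-api-token") != token {
			http.Error(w, "invalid api token", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// status sends a request carrying no token through the middleware and
// returns the HTTP status code the caller would see.
func status(exempt func(*http.Request) bool, method, target string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	rec := httptest.NewRecorder()
	requireToken(exempt, "constructed-token", ok).ServeHTTP(rec, httptest.NewRequest(method, target, nil))
	return rec.Code
}

func main() {
	// Constructed requests: a real health probe and the URL quoted in the commit message.
	for _, t := range []string{"/v1.0/healthz", "/v1.0/invoke/myapp/method/something?foo=/healthz"} {
		fmt.Println(t, "loose:", status(looseExempt, "GET", t), "strict:", status(strictExempt, "GET", t))
	}
}
```

A table-driven regression test over the same cases (exact paths, trailing slashes, non-GET methods, `/healthz` in the query string) keeps an exemption rule like this from loosening again.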

- 18 Jul, 2023 1 commit

Committed by Alessandro (Ale) Segala

Fixes CVE-2023-37475

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

- 22 Jun, 2023 1 commit

Committed by Josh van Leeuwen

Signed-off-by: joshvanl <me@joshvanl.dev>

- 21 Jun, 2023 4 commits

Committed by Josh van Leeuwen

* Adds missing v1.10.8 release notes
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Update release notes and creates a TOC
  Signed-off-by: joshvanl <me@joshvanl.dev>
---------
Signed-off-by: joshvanl <me@joshvanl.dev>

Committed by Deepanshu Agarwal

* Fix bulk subscribe response
  Signed-off-by: Deepanshu Agarwal <deepanshu.agarwal1984@gmail.com>
* Add Release Note for issue
  Signed-off-by: Deepanshu Agarwal <deepanshu.agarwal1984@gmail.com>
* Correct merge conflict from cherry-picking
  Signed-off-by: Deepanshu Agarwal <deepanshu.agarwal1984@gmail.com>
* Update docs/release_notes/v1.10.8.md
  Co-authored-by: Mukundan Sundararajan <65565396+mukundansundar@users.noreply.github.com>
  Signed-off-by: Deepanshu Agarwal <deepanshu.agarwal1984@gmail.com>
* Update docs/release_notes/v1.10.8.md
  Co-authored-by: Mukundan Sundararajan <65565396+mukundansundar@users.noreply.github.com>
  Signed-off-by: Deepanshu Agarwal <deepanshu.agarwal1984@gmail.com>
---------
Signed-off-by: Deepanshu Agarwal <deepanshu.agarwal1984@gmail.com>
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Mukundan Sundararajan <65565396+mukundansundar@users.noreply.github.com>
Co-authored-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

Committed by Bernd Verst

Signed-off-by: Bernd Verst <github@bernd.dev>

Committed by Alessandro (Ale) Segala

* Fixed goroutine leak in reminders and timers
* Added unit tests + some more tweaks
* Fixed last goroutine leaks
* Comments
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>
Co-authored-by: Dapr Bot <56698301+dapr-bot@users.noreply.github.com>

- 20 Jun, 2023 1 commit

Committed by Yaron Schneider

Signed-off-by: yaron2 <schneider.yaron@live.com>

- 17 Jun, 2023 4 commits

Committed by Bernd Verst

* Adds ActorReminder bson marshaler to address Mongo problems (#6525)
* Add release notes for MongoDB issue
  Signed-off-by: Bernd Verst <github@bernd.dev>
---------
Signed-off-by: Bernd Verst <github@bernd.dev>

Committed by Alessandro (Ale) Segala

* Fix panic in service invocation when connection fails
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Added relnotes
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

Committed by Josh van Leeuwen

* Components name validation in disk manifest loader
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Include ObjectMeta in type types
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Adds to release notes for v1.10.8
  Signed-off-by: joshvanl <me@joshvanl.dev>
---------
Signed-off-by: joshvanl <me@joshvanl.dev>
Signed-off-by: Artur Souza <asouza.pro@gmail.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

Committed by Josh van Leeuwen

* Adds third party URI path normalization, removing segment decoding
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Adds e2e tests to ensure only slashes are normalized. Segments remain encoded as is.
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Adds copyright headers
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Write back escaped path from echoPath e2e handler
  Signed-off-by: joshvanl <me@joshvanl.dev>
* linting
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Don't escape path in e2e service invocation app router
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Use correct expected path
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Remove trailing slashes since we use strict slashes in router
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Add 1.10.8 release notes
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Update github.com/dapr/components-contrib from `v1.10.6` to `v1.10.7`
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Update dapr/components-contrib to v1.10.8
  Signed-off-by: joshvanl <me@joshvanl.dev>
---------
Signed-off-by: joshvanl <me@joshvanl.dev>

- 12 May, 2023 1 commit

Committed by Josh van Leeuwen

* Use SetPath in nethttpadapter to ensure path fasthttp URI path is normalized
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Update the release notes for v1.10.7 with fix for HTTP request URL normalization.
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Update docs/release_notes/v1.10.7.md
  Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
  Signed-off-by: Josh van Leeuwen <me@joshvanl.dev>
* Update docs/release_notes/v1.10.7.md
  Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
  Signed-off-by: Josh van Leeuwen <me@joshvanl.dev>
* Review comments
  Signed-off-by: joshvanl <me@joshvanl.dev>
* Using // to repro regression in actor invocation.
  Signed-off-by: Artur Souza <asouza.pro@gmail.com>
---------
Signed-off-by: joshvanl <me@joshvanl.dev>
Signed-off-by: Josh van Leeuwen <me@joshvanl.dev>
Signed-off-by: Artur Souza <asouza.pro@gmail.com>
Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

- 11 May, 2023 1 commit

Committed by Bernd Verst

Signed-off-by: Bernd Verst <github@bernd.dev>

- 06 May, 2023 2 commits

Committed by Loong Dai

Pin contrib 1.10.6 and update release notes

Committed by Bernd Verst

Signed-off-by: Bernd Verst <github@bernd.dev>

- 04 May, 2023 1 commit

Committed by Artur Souza

* Fix timer and reminder serialization issue on invocation.
  Signed-off-by: Artur Souza <asouza.pro@gmail.com>
* Fix gRPC reminder and timer serialization on top of previous change.
  Signed-off-by: Artur Souza <asouza.pro@gmail.com>
---------
Signed-off-by: Artur Souza <asouza.pro@gmail.com>

- 26 Apr, 2023 1 commit

Committed by Artur Souza

* Unserializing reminder period accepts more null-y values
  Fixes dapr/components-contrib#2786 which seems to be due to how MongoDB serializes the null value
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Actor timer/reminder responses: marshal data to JSON
  Fixes #6268
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
  Addressed review feedback
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
  💄
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Release notes for Dapr v1.10.6
  Signed-off-by: Artur Souza <asouza.pro@gmail.com>
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: Artur Souza <asouza.pro@gmail.com>
Co-authored-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

- 14 Apr, 2023 1 commit

Committed by Alessandro (Ale) Segala

Contains some small fixes to actors after recent changes

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

- 11 Apr, 2023 1 commit

Committed by Yaron Schneider

Signed-off-by: yaron2 <schneider.yaron@live.com>

- 31 Mar, 2023 5 commits

Committed by Alessandro (Ale) Segala

Committed by Alessandro (Ale) Segala

Fixes race conditions for the most part (fixes #6018)

Includes improvements to perf:

  - Update actor reminders data structures
  - Switch data field to be json.RawMessage
  - Reduce code duplication & tech debt

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

Committed by Alessandro (Ale) Segala

[release-1.10] Use a single HTTP client for all connections to the app, which supports TLS [Fixes actors not working with app-ssl enabled] (#6159)

* Use a single HTTP client for all connections to the app, which supports TLS
  Fixes #6141
  This was implemented in a way that:
  - Makes health checks work when `app-ssl` is enabled.
  - Switches the health package's client to net/http rather than fasthttp. This allows taking advantage of HTTP/2 and multiplexing, among other things.
  - Uses a single http.Client for health checks and app channel. This allows re-using TCP sockets and multiplexing when HTTP/2 is enabled
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Fixed actors
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

Committed by Alessandro (Ale) Segala

* Maintain all HTTP headers with the same name
  The HTTP specs allow passing multiple headers with the same name, for example multiple `Set-Cookie` headers. However, for every header, Dapr was only preserving the first value. This fixes the behavior of Dapr to preserve all HTTP headers, even when more than one have the same name.
  Fixes #6104
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Update pkg/http/api.go
  Signed-off-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Signed-off-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>

Committed by Alessandro (Ale) Segala

Also includes two more tweaks:

  1. Use an exponential backoff when reconnecting to the placement service rather than a linear one
  2. Do not print a debug log on every single reconnection attempt, which were very frequent and causing noise

Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
Co-authored-by: Mukundan Sundararajan <65565396+mukundansundar@users.noreply.github.com>

- 30 Mar, 2023 1 commit

Committed by Alessandro (Ale) Segala

* remove temporal from workflows and tests (#6021)
  Signed-off-by: yaron2 <schneider.yaron@live.com>
* removing wener helm from makefile (#6148)
  Signed-off-by: Ryan Lettieri <ryanLettieri@microsoft.com>
  Co-authored-by: Ryan Lettieri <ryanLettieri@microsoft.com>
---------
Signed-off-by: yaron2 <schneider.yaron@live.com>
Signed-off-by: Ryan Lettieri <ryanLettieri@microsoft.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
Co-authored-by: Ryan Lettieri <67934986+RyanLettieri@users.noreply.github.com>
Co-authored-by: Ryan Lettieri <ryanLettieri@microsoft.com>

- 21 Mar, 2023 1 commit

Committed by Alessandro (Ale) Segala

* Stabilize flaky actor unit tests by mocking time (#5613)
* Reduce log verbosity for workflow execution (#5897)
  Signed-off-by: Chris Gillum <cgillum@microsoft.com>
  Co-authored-by: Alessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
  Co-authored-by: Loong Dai <long.dai@intel.com>
  Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
  Co-authored-by: Artur Souza <asouza.pro@gmail.com>
* Replaces `github.com/benbjohnson/clock` with `k8s.io/utils/clock`. (#6054)
    * Replaces `github.com/benbjohnson/clock` with `k8s.io/utils/clock`. Deflake and speed up `pkg/actors` unit tests.
      Signed-off-by: joshvanl <me@joshvanl.dev>
    * Linting
      Signed-off-by: joshvanl <me@joshvanl.dev>
    * Add `github.com/benbjohnson/clock` to .golanci.yml list of packages which error
      Signed-off-by: joshvanl <me@joshvanl.dev>
    * Remove `t.Parallels()` for individual tests
      Signed-off-by: joshvanl <me@joshvanl.dev>
    * Remove `t.Parallel()` completely from tests
      Signed-off-by: joshvanl <me@joshvanl.dev>
    ---------
    Signed-off-by: joshvanl <me@joshvanl.dev>
    Co-authored-by: Artur Souza <asouza.pro@gmail.com>
---------
Signed-off-by: Chris Gillum <cgillum@microsoft.com>
Signed-off-by: joshvanl <me@joshvanl.dev>
Co-authored-by: Chris Gillum <cgillum@microsoft.com>
Co-authored-by: Loong Dai <long.dai@intel.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>
Co-authored-by: Artur Souza <asouza.pro@gmail.com>
Co-authored-by: Josh van Leeuwen <me@joshvanl.dev>

- 17 Mar, 2023 2 commits

Committed by Yaron Schneider

Committed by Alessandro (Ale) Segala

* API Allowlist should not impact gRPC proxying
  Fixes #6085
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Added release notes
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Fixed release notes link
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

- 14 Mar, 2023 1 commit

Committed by Taction

* fix error message lost issue
  Signed-off-by: zhangchao <zchao9100@gmail.com>
* fix lint
  Signed-off-by: zhangchao <zchao9100@gmail.com>
* fix http unit test and grpc error message
  Signed-off-by: zhangchao <zchao9100@gmail.com>
* add unit test
  Signed-off-by: zhangchao <zchao9100@gmail.com>
* fix nil check
  Signed-off-by: zhangchao <zchao9100@gmail.com>
* fix review
  Signed-off-by: zhangchao <zchao9100@gmail.com>
---------
Signed-off-by: zhangchao <zchao9100@gmail.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>

- 11 Mar, 2023 1 commit

Committed by Taction

* fix redirect
  Signed-off-by: zhangchao <zchao9100@gmail.com>
* fix e2e disable test client auto redirect
  Signed-off-by: zhangchao <zchao9100@gmail.com>
* add release note
  Signed-off-by: zhangchao <zchao9100@gmail.com>
* Update v1.10.3.md
---------
Signed-off-by: zhangchao <zchao9100@gmail.com>
Co-authored-by: Yaron Schneider <schneider.yaron@live.com>

- 09 Mar, 2023 1 commit

Committed by Alessandro (Ale) Segala

* Updated release notes
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Updated pinned components-contrib
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

- 04 Mar, 2023 1 commit

Committed by Alessandro (Ale) Segala

* Add release notes for Dapr 1.10.3
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Updating linter to 1.51.2
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

- 03 Mar, 2023 1 commit

Committed by Alessandro (Ale) Segala

* Dapr fails to initialize when a middleware component fails to init
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Add tests
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
* Updated per review feedback
  Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

- 01 Mar, 2023 1 commit

Committed by Alessandro (Ale) Segala

* Use UDS rather than TCP for test server
* Handle EOF errors on the Recv side
---------
Signed-off-by: ItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>

- 28 Feb, 2023 1 commit

Committed by Chris Gillum

- 24 Feb, 2023 1 commit

Committed by Yaron Schneider

* Create v1.10.2.md
  Signed-off-by: Yaron Schneider <schneider.yaron@live.com>
* Update v1.10.2.md
  Signed-off-by: Yaron Schneider <schneider.yaron@live.com>
* Update v1.10.2.md
  Signed-off-by: Yaron Schneider <schneider.yaron@live.com>
---------
Signed-off-by: Yaron Schneider <schneider.yaron@live.com>

- 21 Feb, 2023 3 commits

Committed by Yaron Schneider

Cherry-pick #5584 into release-1.10 [DO NOT SQUASH]

Committed by Yaron Schneider

Committed by Yaron Schneider

1.10 Hotfix: Fix CloudEvent regression