- 21 7月, 2023 1 次提交
-
-
由 ItalyPaleAle 提交于
The APITokenAuthMiddleware allowed bypassing the check if the path included `/healthz`. An attacker only needed to include `/healthz` in the URL, even the querystring, to bypass the API token check, for example `/v1.0/invoke/myapp/method/something?foo=/healthz`. Additionally, this was not checking the method of the request, so requests to `POST /healthz` would cause a service invocation to happen. This fixes the issue by making the check a lot more strict. The API token check can be bypassed only if: - The path is exactly `/v1.0/healthz` or `/v1.0/healthz/outbound` (slashes are trimmed on each side) - The method is `GET` Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
-
- 20 7月, 2023 1 次提交
-
-
由 Bernd Verst 提交于
Signed-off-by: NBernd Verst <github@bernd.dev>
-
- 18 7月, 2023 2 次提交
-
-
由 Alessandro (Ale) Segala 提交于
* Release notes for avro Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> * Upgraded components-contrib Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> --------- Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
-
由 Alessandro (Ale) Segala 提交于
* Fixed: race conditions in gRPC Configuration Subscribe API (#6558) Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: NDapr Bot <56698301+dapr-bot@users.noreply.github.com> Co-authored-by: NYaron Schneider <schneider.yaron@live.com> Co-authored-by: NArtur Souza <asouza.pro@gmail.com> Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> * [Workflow] Fix unbounded history batch save issue (#6618) * Workflow: Fix struct pointer issue resulting in miscounting history records Signed-off-by: NChris Gillum <cgillum@microsoft.com> * Update wf state unit tests to account for new custom status optimization Signed-off-by: NChris Gillum <cgillum@microsoft.com> --------- Signed-off-by: NChris Gillum <cgillum@microsoft.com> * Update DurableTask-Go to fix issues with workflows hanging (#6659) Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> * Added release notes Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> * Backport changes to Azure tests to make them work again in the release-1.11 branch Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> #6488 --------- Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NChris Gillum <cgillum@microsoft.com> Co-authored-by: NDapr Bot <56698301+dapr-bot@users.noreply.github.com> Co-authored-by: NYaron Schneider <schneider.yaron@live.com> Co-authored-by: NArtur Souza <asouza.pro@gmail.com> Co-authored-by: NChris Gillum <cgillum@microsoft.com>
-
- 28 6月, 2023 1 次提交
-
-
由 Alessandro (Ale) Segala 提交于
Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
-
- 22 6月, 2023 2 次提交
-
-
由 Bernd Verst 提交于
* Pin contrib v1.11.3, add docs for RabbitMQ memory leak Signed-off-by: NBernd Verst <github@bernd.dev> * Replace unlicensed indirect dependencies Signed-off-by: NBernd Verst <github@bernd.dev> * Update v1.11.1.md * Update v1.11.1.md --------- Signed-off-by: NBernd Verst <github@bernd.dev> Co-authored-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Josh van Leeuwen 提交于
Signed-off-by: Njoshvanl <me@joshvanl.dev>
-
- 21 6月, 2023 6 次提交
-
-
由 Yaron Schneider 提交于
Signed-off-by: NYaron Schneider <schneider.yaron@live.com>
-
由 Josh van Leeuwen 提交于
* Adds v1.11.1.md release notes Signed-off-by: Njoshvanl <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NYaron Schneider <schneider.yaron@live.com> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Update docs/release_notes/v1.11.1.md Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> * Adds TOC to release notes v1.11.1.md Signed-off-by: Njoshvanl <me@joshvanl.dev> * Fix copy paste error Signed-off-by: Njoshvanl <me@joshvanl.dev> --------- Signed-off-by: Njoshvanl <me@joshvanl.dev> Signed-off-by: NYaron Schneider <schneider.yaron@live.com> Signed-off-by: NJosh van Leeuwen <me@joshvanl.dev> Co-authored-by: NYaron Schneider <schneider.yaron@live.com> Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Yaron Schneider 提交于
* remove app port requirement for http channel Signed-off-by: Nyaron2 <schneider.yaron@live.com> * prettify error message Signed-off-by: Nyaron2 <schneider.yaron@live.com> --------- Signed-off-by: Nyaron2 <schneider.yaron@live.com>
-
由 Bernd Verst 提交于
Signed-off-by: NBernd Verst <github@bernd.dev>
-
由 Alessandro (Ale) Segala 提交于
Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Alessandro (Ale) Segala 提交于
* Fixed goroutine leak in reminders and timers * Added unit tests + some more tweaks * Fixed last goroutine leaks * Comments --------- Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com> Co-authored-by: NArtur Souza <asouza.pro@gmail.com> Co-authored-by: NDapr Bot <56698301+dapr-bot@users.noreply.github.com>
-
- 20 6月, 2023 2 次提交
-
-
由 Yaron Schneider 提交于
Signed-off-by: Nyaron2 <schneider.yaron@live.com>
-
由 Bernd Verst 提交于
[Release 1.11] Pin contrib 1.11.1-rc.1, Update retracted dependency, add CI check for retracted dependencies (#6452) * Add retracted dep check and upgrade retracted bluemonday version Signed-off-by: NBernd Verst <github@bernd.dev> * Pin contrib 1.11.1-rc.1 Signed-off-by: NBernd Verst <github@bernd.dev> --------- Signed-off-by: NBernd Verst <github@bernd.dev>
-
- 17 6月, 2023 1 次提交
-
-
由 Bernd Verst 提交于
-
- 13 6月, 2023 1 次提交
-
-
由 Yaron Schneider 提交于
Signed-off-by: NYaron Schneider <schneider.yaron@live.com>
-
- 10 6月, 2023 2 次提交
-
-
由 Josh van Leeuwen 提交于
* Ensure parts is longer than 5. Components name validation Signed-off-by: Njoshvanl <me@joshvanl.dev> * Include ObjectMeta in type types Signed-off-by: Njoshvanl <me@joshvanl.dev> --------- Signed-off-by: Njoshvanl <me@joshvanl.dev> Co-authored-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Alessandro (Ale) Segala 提交于
Fixes error reported by user on Discord: https://discord.com/channels/778680217417809931/1055270900125138975/1109309802435321896Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
-
- 09 6月, 2023 10 次提交
-
-
由 Shubham Sharma 提交于
* Update release notes Signed-off-by: NShubham Sharma <shubhash@microsoft.com> * Add win deprecation notice Signed-off-by: NShubham Sharma <shubhash@microsoft.com> --------- Signed-off-by: NShubham Sharma <shubhash@microsoft.com> Co-authored-by: NYaron Schneider <schneider.yaron@live.com>
-
由 Yaron Schneider 提交于
Signed-off-by: NYaron Schneider <schneider.yaron@live.com>
-
由 Shubham Sharma 提交于
Signed-off-by: NShubham Sharma <shubhash@microsoft.com>
-
由 Artur Souza 提交于
Signed-off-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Artur Souza 提交于
Fix latest manifest tag
-
由 Artur Souza 提交于
Signed-off-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Alessandro (Ale) Segala 提交于
Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
-
由 Artur Souza 提交于
Update release notes from autogen script. last changed at Jun 6, 2023 6:24 PM, pushed by Artur Souza last changed at Jun 8, 2023 9:40 AM, pushed by Artur Souza last changed at Jun 8, 2023 9:40 AM, pushed by Artur Souza last changed at Jun 8, 2023 9:40 AM, pushed by Artur Souza last changed at Jun 8, 2023 12:52 PM, pushed by Artur Souza last changed at Jun 8, 2023 2:37 PM, pushed by Artur Souza Signed-off-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Artur Souza 提交于
Signed-off-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Artur Souza 提交于
Signed-off-by: NArtur Souza <asouza.pro@gmail.com>
-
- 08 6月, 2023 1 次提交
-
-
由 Chris Gillum 提交于
* [Workflow] Add workflow generation to activity actor IDs This change ensures uniqueness for activity invocations across multiple workflow generations. This change will prevent actor deadlocks caused by multiple workflow generations that schedule concurrently executing activities with the same task ID. Signed-off-by: NChris Gillum <cgillum@microsoft.com> * Fix typos in comment Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com> Signed-off-by: NChris Gillum <cgillum@gmail.com> Signed-off-by: NChris Gillum <cgillum@microsoft.com> --------- Signed-off-by: NChris Gillum <cgillum@microsoft.com> Signed-off-by: NChris Gillum <cgillum@gmail.com> Co-authored-by: NAlessandro (Ale) Segala <43508+ItalyPaleAle@users.noreply.github.com>
-
- 07 6月, 2023 3 次提交
-
-
由 Alessandro (Ale) Segala 提交于
See dapr/kit#52 Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
-
由 Bernd Verst 提交于
Signed-off-by: NBernd Verst <github@bernd.dev>
-
由 Alessandro (Ale) Segala 提交于
Signed-off-by: NItalyPaleAle <43508+ItalyPaleAle@users.noreply.github.com>
-
- 06 6月, 2023 1 次提交
-
-
由 Yaron Schneider 提交于
Fix wasm binding register Co-authored-by: NLoong Dai <long.dai@intel.com>
-
- 02 6月, 2023 1 次提交
-
-
由 Josh van Leeuwen 提交于
* Adds third party URI path normalization, removing segment decoding Signed-off-by: Njoshvanl <me@joshvanl.dev> * Adds e2e tests to ensure only slashes are normalized. Segments remain encoded as is. Signed-off-by: Njoshvanl <me@joshvanl.dev> * Adds copyright headers Signed-off-by: Njoshvanl <me@joshvanl.dev> * Write back escaped path from echoPath e2e handler Signed-off-by: Njoshvanl <me@joshvanl.dev> * linting Signed-off-by: Njoshvanl <me@joshvanl.dev> * Don't escape path in e2e service invocation app router Signed-off-by: Njoshvanl <me@joshvanl.dev> * Use correct expected path Signed-off-by: Njoshvanl <me@joshvanl.dev> * Remove trailing slashes since we use strict slashes in router Signed-off-by: Njoshvanl <me@joshvanl.dev> --------- Signed-off-by: Njoshvanl <me@joshvanl.dev>
-
- 31 5月, 2023 2 次提交
-
-
由 Bernd Verst 提交于
Signed-off-by: NBernd Verst <github@bernd.dev>
-
由 Deepanshu Agarwal 提交于
Signed-off-by: NDeepanshu Agarwal <deepanshu.agarwal1984@gmail.com>
-
- 26 5月, 2023 3 次提交
-
-
由 Chris Gillum 提交于
Signed-off-by: NChris Gillum <cgillum@microsoft.com>
-
由 Josh van Leeuwen 提交于
* Actor State TTL: put feature being feature gate Signed-off-by: Njoshvanl <me@joshvanl.dev> * Linting Signed-off-by: Njoshvanl <me@joshvanl.dev> * Add comment to where ActorStateTTL feature gate it used with a reminder to remove it. Signed-off-by: Njoshvanl <me@joshvanl.dev> * Adds separate e2e config and assign to actor_state test for actor state ttl Signed-off-by: Njoshvanl <me@joshvanl.dev> --------- Signed-off-by: Njoshvanl <me@joshvanl.dev> Co-authored-by: NArtur Souza <asouza.pro@gmail.com>
-
由 Filinto Duran 提交于
* fix rbac permit for operator-admin Signed-off-by: NFilinto Duran <filinto@diagrid.io> * refactor negated logic Signed-off-by: NFilinto Duran <filinto@diagrid.io> --------- Signed-off-by: NFilinto Duran <filinto@diagrid.io>
-