Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix: prevent custom urn:zitadel:iam claims #7647

Merged
merged 1 commit into from
Mar 27, 2024
Merged

fix: prevent custom urn:zitadel:iam claims #7647

merged 1 commit into from
Mar 27, 2024

Conversation

livio-a
Copy link
Member

@livio-a livio-a commented Mar 27, 2024
edited
Loading

This PR prevents actions to use any claims with a prefix of urn:zitadel:iam, which could lead to possible security vulnerabilities.

Definition of Ready

  • I am happy with the code
  • Short description of the feature/issue is added in the pr description
  • PR is linked to the corresponding user story
  • Acceptance criteria are met
  • All open todos and follow ups are defined in a new ticket and justified
  • Deviations from the acceptance criteria and design are agreed with the PO and documented.
  • No debug or dead code
  • My code has no repetitions
  • Critical parts are tested automatically
  • Where possible E2E tests are implemented
  • Documentation/examples are up-to-date
  • All non-functional requirements are met
  • Functionality of the acceptance criteria is checked manually on the dev system.

@vercel Vercel
Copy link

vercel bot commented Mar 27, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Mar 27, 2024 6:50am

@livio-a livio-a marked this pull request as ready for review March 27, 2024 07:00
@livio-a livio-a requested a review from adlerhurst March 27, 2024 07:01
@livio-a livio-a enabled auto-merge (squash) March 27, 2024 07:01
@livio-a livio-a merged commit 1121ebf into main Mar 27, 2024
26 checks passed
@livio-a livio-a deleted the claim-prefix branch March 27, 2024 07:26
livio-a added a commit that referenced this pull request Mar 27, 2024
@livio-a
fix: prevent custom urn:zitadel:iam claims (#7647)
ad0589d 
(cherry picked from commit 1121ebf)
livio-a added a commit that referenced this pull request Mar 27, 2024
@livio-a
fix: prevent custom urn:zitadel:iam claims (#7647)
c4c34cb 
(cherry picked from commit 1121ebf)
livio-a added a commit that referenced this pull request Mar 27, 2024
@livio-a
fix: prevent custom urn:zitadel:iam claims (#7647)
b866450 
(cherry picked from commit 1121ebf)
livio-a added a commit that referenced this pull request Mar 27, 2024
@livio-a
fix: prevent custom urn:zitadel:iam claims (#7647)
057551a 
(cherry picked from commit 1121ebf)
livio-a added a commit that referenced this pull request Mar 27, 2024
@livio-a
fix: prevent custom urn:zitadel:iam claims (#7647)
afbc101 
(cherry picked from commit 1121ebf)
livio-a added a commit that referenced this pull request Mar 27, 2024
@livio-a
fix: prevent custom urn:zitadel:iam claims (#7647)
de1750a 
(cherry picked from commit 1121ebf)
livio-a added a commit that referenced this pull request Mar 27, 2024
@livio-a
fix: prevent custom urn:zitadel:iam claims (#7647)
216a145 
(cherry picked from commit 1121ebf)
@github-actions GitHub Actions
Copy link

github-actions bot commented Apr 2, 2024

🎉 This PR is included in version 2.49.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@adlerhurst adlerhurst adlerhurst approved these changes

Assignees
No one assigned
Labels
released
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@livio-a @adlerhurst