-
Garage v0.8.6 Stable
released this
2024-03-01 14:05:01 +00:00 | 579 commits to main since this releaseGarage v0.8.6
This minor release is a security release that fixes the following issues:
-
Fix timing side-channel vulnerability in admin/metrics token comparison and in AWS signature v4 verification (#737, backported in #740)
-
Ensure that the correct set of headers (in particular,
x-amz-*
headers) are included in signature calculation (#735, #745, backported in #744)
Thanks to Radicallly Open Security for auditing the code and finding the timing side-channel vulnerabilities.
Downloads
-