mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 23:41:43 +01:00
fix(element): Update Synapse to 1.127.1; Fixes https://www.cve.org/CVERecord?id=CVE-2025-30355 which applies to Synapse installations with unrestricted (no allow list) federation enabled
This commit is contained in:
Thorsten Roßner
@@ -18,6 +18,8 @@ SPDX-License-Identifier: Apache-2.0
|
|||||||
* [OpenProject](#openproject)
|
* [OpenProject](#openproject)
|
||||||
* [PostgreSQL](#postgresql)
|
* [PostgreSQL](#postgresql)
|
||||||
* [Keycloak](#keycloak)
|
* [Keycloak](#keycloak)
|
||||||
|
* [Setting the log level](#setting-the-log-level)
|
||||||
|
* [Accessing the Keycloak admin console](#accessing-the-keycloak-admin-console)
|
||||||
<!-- TOC -->
|
<!-- TOC -->
|
||||||
|
|
||||||
# Disclaimer
|
# Disclaimer
|
||||||
@@ -198,6 +200,8 @@ While you will find all details in the [psql subsection](https://www.postgresql.
|
|||||||
|
|
||||||
## Keycloak
|
## Keycloak
|
||||||
|
|
||||||
|
### Setting the log level
|
||||||
|
|
||||||
Keycloak is the gateway to integrate other authentication management systems or applications. It can be desired to
|
Keycloak is the gateway to integrate other authentication management systems or applications. It can be desired to
|
||||||
avoid enabling debug mode for the whole platform when you just need to look into Keycloak.
|
avoid enabling debug mode for the whole platform when you just need to look into Keycloak.
|
||||||
|
|
||||||
@@ -214,3 +218,9 @@ kubectl patch -n ${NAMESPACE} configmap ${CONFIGMAP_NAME} --type merge -p '{"dat
|
|||||||
|
|
||||||
> **Note**<br>
|
> **Note**<br>
|
||||||
> As the `ums-keycloak-extensions-handler` is performing frequent (one per second) requests to Keycloak for retrieval of the Keycloak event history, you might want to stop/remove the deployment while debugging/analysing Keycloak to not get your debug output spammed by these requests.
|
> As the `ums-keycloak-extensions-handler` is performing frequent (one per second) requests to Keycloak for retrieval of the Keycloak event history, you might want to stop/remove the deployment while debugging/analysing Keycloak to not get your debug output spammed by these requests.
|
||||||
|
|
||||||
|
### Accessing the Keycloak admin console
|
||||||
|
|
||||||
|
Deployments set to `debug.enable: true` expose the Keycloak admin console at `http://id.<your_opendesk_domain>/admin/`. This can also be achieved by updating the Ingress `ums-keycloak-extensions-proxy` with an additional path that allows access to `/admin/`.
|
||||||
|
|
||||||
|
The admin console login is using the default Keycloak admin account `kcadmin` and the password from the secret `ums-opendesk-keycloak-credentials`.
|
||||||
|
|||||||
@@ -28,10 +28,10 @@ This document shows how to configure your organization's IdP and the openDesk Id
|
|||||||
|
|
||||||
We would like to list successful IdP federation scenarios, so we are also happy about input from the community:
|
We would like to list successful IdP federation scenarios, so we are also happy about input from the community:
|
||||||
|
|
||||||
| External IdP | last openDesk version tested |
|
| External IdP | openDesk versions tested |
|
||||||
| ------------------------------------------------------------------- | ---------------------------- |
|
|---------------------------------------------------------------------|--------------------------|
|
||||||
| [EU Login](https://webgate.ec.europa.eu/cas/userdata/myAccount.cgi) | v0.9.0 |
|
| [EU Login](https://webgate.ec.europa.eu/cas/userdata/myAccount.cgi) | v0.9.0, v1.2.0 |
|
||||||
| [ProConnect](https://www.proconnect.gouv.fr/) | v0.9.0 |
|
| [ProConnect](https://www.proconnect.gouv.fr/) | v0.9.0 |
|
||||||
|
|
||||||
# Prerequisites
|
# Prerequisites
|
||||||
|
|
||||||
|
|||||||
@@ -109,7 +109,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||||
name: "opendesk-element"
|
name: "opendesk-element"
|
||||||
version: "6.1.2"
|
version: "6.1.3"
|
||||||
verify: true
|
verify: true
|
||||||
elementWellKnown:
|
elementWellKnown:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -119,7 +119,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||||
name: "opendesk-well-known"
|
name: "opendesk-well-known"
|
||||||
version: "6.1.2"
|
version: "6.1.3"
|
||||||
verify: true
|
verify: true
|
||||||
home:
|
home:
|
||||||
# providerCategory: "Platform"
|
# providerCategory: "Platform"
|
||||||
@@ -211,7 +211,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||||
name: "opendesk-matrix-user-verification-service"
|
name: "opendesk-matrix-user-verification-service"
|
||||||
version: "6.1.2"
|
version: "6.1.3"
|
||||||
verify: true
|
verify: true
|
||||||
memcached:
|
memcached:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
@@ -449,7 +449,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||||
name: "opendesk-synapse"
|
name: "opendesk-synapse"
|
||||||
version: "6.1.2"
|
version: "6.1.3"
|
||||||
verify: true
|
verify: true
|
||||||
synapseAdmin:
|
synapseAdmin:
|
||||||
# Enterprise Component
|
# Enterprise Component
|
||||||
@@ -477,7 +477,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||||
name: "opendesk-synapse-create-account"
|
name: "opendesk-synapse-create-account"
|
||||||
version: "6.1.2"
|
version: "6.1.3"
|
||||||
verify: true
|
verify: true
|
||||||
synapseGroupsync:
|
synapseGroupsync:
|
||||||
# Enterprise Component
|
# Enterprise Component
|
||||||
@@ -505,7 +505,7 @@ charts:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||||
name: "opendesk-synapse-web"
|
name: "opendesk-synapse-web"
|
||||||
version: "6.1.2"
|
version: "6.1.3"
|
||||||
verify: true
|
verify: true
|
||||||
xwiki:
|
xwiki:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
|
|||||||
@@ -933,7 +933,7 @@ images:
|
|||||||
# upstreamMirrorStartFrom: ["1", "91", "2"]
|
# upstreamMirrorStartFrom: ["1", "91", "2"]
|
||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
|
repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
|
||||||
tag: "v1.121.1@sha256:5d8081b6004eb115635334dbc1ec2f87318f19d5ad0e7c62f7476d4cc16de277"
|
tag: "v1.127.1@sha256:0b0b933314ac9e1ba917a72c29d5b49c47828ab6e8df3aae3ac244ee947a89fc"
|
||||||
synapseCreateUser:
|
synapseCreateUser:
|
||||||
# providerCategory: "Community"
|
# providerCategory: "Community"
|
||||||
# providerResponsible: "Nordeck"
|
# providerResponsible: "Nordeck"
|
||||||
|
|||||||
@@ -136,7 +136,9 @@
|
|||||||
#kc-login,
|
#kc-login,
|
||||||
#kc-logout,
|
#kc-logout,
|
||||||
#saveTOTPBtn,
|
#saveTOTPBtn,
|
||||||
.pf-c-button.btn-lg {
|
.pf-c-button.btn-lg,
|
||||||
|
.kc-social-provider-name
|
||||||
|
{
|
||||||
color: var(--color-opendesk-white);
|
color: var(--color-opendesk-white);
|
||||||
border: 2px solid;
|
border: 2px solid;
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user