Bug fixes
Server
- Fixed access issue in policy pack management.
UI
- Fixed an issue where importing a GCP Organization via the UI did not automatically create the required
Private Keysetting.
- Fixed an issue where importing a GCP Organization via the UI did not automatically create the required
Security Updates
Fixed access issue in policy pack management
In version 5.51.3, a security issue was introduced that mistakenly allowed users with any Turbot/* permissions — at the Turbot level, when using the API — to:
- Create or update policy associations within a policy pack
- Delete a policy pack if it was not attached to any resource
This has now been fixed, and the correct permission model has been restored — only users with Turbot/Admin permissions can perform these operations.
Requirements
- TEF: 1.66.0
- TED: 1.9.1
Base images
Alpine: 3.17.5 Ubuntu: 22.04.3