Turbot Guardrails Enterprise (TE) v5.51.5 - Fixed access issue in policy pack management.

Jun 12, 2025
TE

Bug fixes

  • Server

    • Fixed access issue in policy pack management.
  • UI

    • Fixed an issue where importing a GCP Organization via the UI did not automatically create the required Private Key setting.

Security Updates

Fixed access issue in policy pack management

In version 5.51.3, a security issue was introduced that mistakenly allowed users with any Turbot/* permissions — at the Turbot level, when using the API — to:

  • Create or update policy associations within a policy pack
  • Delete a policy pack if it was not attached to any resource

This has now been fixed, and the correct permission model has been restored — only users with Turbot/Admin permissions can perform these operations.

Requirements

  • TEF: 1.66.0
  • TED: 1.9.1

Base images

Alpine: 3.17.5 Ubuntu: 22.04.3