CVE-2022-45213: perfSONAR 4.4.6 Release Notes | perfSONAR

Released November 9, 2022

Features/Highlighted Changes****pScheduler Fixes

• Fixed issue where pScheduler server would look at HTTP request header when determining the local address during participant discovery. (Fixes CVE-2022-45027.)
• Removed the ability to use the “parse” option with file:// URLs. (Fixes CVE-2022-45213.)

Graphs Fixes

• The JavaScript frontend will now enforce the URL whitelist in graphs.json. This matches the current behavior of the backend CGI scripts.

Raw changes

Updated components:

• graphs
• pscheduler

Tags: