RELEASED: Public: 2021-11-04
Security fixes
- Non-constant time checking was performed for the controller CasC bundle access token (BEE-8344)
-
The CasC bundle access token that is used to authenticate the request between the controller and the operations center server was checked in non-constant time, resulting in a potential security vulnerability.
This issue has been resolved. The controller CasC bundle access token is now checked using a constant time comparison.
Feature enhancements
- The CasC bundle now supports multiple levels of subfolders (BEE-8260)
-
The CasC
bundle.yaml
file now allows you to include a folder or subfolder in any section, without requiring that you list each individual YAML file contained within the subfolder. Previously, if a YAML file was added or removed from the bundle, it also had to be added or removed from thebundle.yaml
file descriptor.