Hello,
First of all – thank you for all your work on Metabase! It is a fantastic tool.
I saw that v0.33.7 was just released with an important security fix for Google Auth. The only file that seems to have changed is the .gitignore – is this correct? Can you share some details on the underlying issue so we can determine the severity for our installation?
Thank you,
Eugene
Hi @eugene
Please wait a little while. There’s still being worked on the release. More information coming soon.
Roger that! Thank you for the fast reply.
Hi Eugene,
Please use release 0.33.7.1, 0.33.7 was a bad build so I removed it so there wouldn’t be confusion.
We haven’t made the source code changes for the security fix public yet to give everyone a chance to upgrade before we publish the exact details of the vulnerability. We’ll publish the source changes for the fix in a week or so once people have gotten a chance to upgrade.
Best,
Cam
If I understand correctly, 0.33.7.1 is for correcting the security vulnerability in 0.33.6?
@tuaris From what I know, it’s for a Google Auth vulnerability in all previous versions. But there’s a couple of issues with 0.33.7.1, so expect a new release very soon.
Version 0.33.7.3 has been released - please upgrade:
https://github.com/metabase/metabase/releases/tag/v0.33.7.3