Hi, this should already be fixed by https://github.com/oVirt/ovirt-dwh/pull/38 included in ovirt-engine-dwh-4.5.3, which should be part of upcoming oVirt 4.5.1 release.
Regards, Martin On Tue, Jun 14, 2022 at 1:20 PM Igor Davidoff <igor.david...@cloudkleyer.de> wrote: > according to grafana: > > > https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/ > > it was the security fix CSRF (CVE-2022-21703) for version 7.5.15 and 8.3.5. > As ovirt engine uses httpd as reverse proxy and the grafana V. 7.5.15: > ****** > # grafana-server -v > Version 7.5.15 (commit: NA, branch: master) > ****** > the described configuration of "ProxyPreserveHost" for Host header is > needed! > > Can the dev. team take this configuration to > /etc/httpd/conf.d/ovirt-engine-grafana-proxy.conf > for the next update? > > It is not the option to change the default config after every update. > _______________________________________________ > Users mailing list -- users@ovirt.org > To unsubscribe send an email to users-le...@ovirt.org > Privacy Statement: https://www.ovirt.org/privacy-policy.html > oVirt Code of Conduct: > https://www.ovirt.org/community/about/community-guidelines/ > List Archives: > https://lists.ovirt.org/archives/list/users@ovirt.org/message/HBVS4U2NK5XWPGCNOHCZLMUL544ZZI36/ > -- Martin Perina Manager, Software Engineering Red Hat Czech s.r.o.
_______________________________________________ Users mailing list -- users@ovirt.org To unsubscribe send an email to users-le...@ovirt.org Privacy Statement: https://www.ovirt.org/privacy-policy.html oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/ List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/XY7XAPUQJ2ATPZBHLYA2O3B456V4JVFG/
