mafyuh/iac
1
0
Fork 0
Code Issues 6 Pull requests 6 Projects 1 Wiki Activity Actions

⬆️ Update adguard/adguardhome Docker tag to v0.107.53 #250

Merged
mafyuh merged 2 commits from renovate/adguard-adguardhome-0.x into main 2024-10-05 01:07:44 -04:00
Conversation 0 Commits 2 Files changed 2 +2 -2
renovatebot commented 2024-10-03 09:00:41 -04:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
adguard/adguardhome (source) patch v0.107.52 -> v0.107.53

Release Notes

AdguardTeam/AdGuardHome (adguard/adguardhome)

v0.107.53

Compare Source

See also the v0.107.53 GitHub milestone.

Security

  • Previous versions of AdGuard Home allowed users to add any system file it had
    access to as filters, exposing them to be world-readable. To prevent this,
    AdGuard Home now allows adding filtering-rule list files only from files
    matching the patterns enumerated in the filtering.safe_fs_patterns property
    in the configuration file.

    We thank @​itz-d0dgy for reporting this vulnerability, designated
    CVE-2024-36814, to us.

  • Additionally, AdGuard Home will now try to change the permissions of its files
    and directories to more restrictive ones to prevent similar vulnerabilities
    as well as limit the access to the configuration.

    We thank @​go-compile for reporting this vulnerability, designated
    CVE-2024-36586, to us.

  • Go version has been updated to prevent the possibility of exploiting the Go
    vulnerabilities fixed in 1.23.2.

Added
  • Support for 64-bit RISC-V architecture (#​5704).
  • Ecosia search engine is now supported in safe search (#​5009).
Changed
  • Upstream server URL domain names requirements has been relaxed and now follow
    the same rules as their domain specifications.
Configuration changes

In this release, the schema version has changed from 28 to 29.

  • The new array filtering.safe_fs_patterns contains glob patterns for paths of
    files that can be added as local filtering-rule lists. The migration should
    add list files that have already been added, as well as the default value,
    $DATA_DIR/userfilters/*.
Fixed
  • Property clients.runtime_sources.dhcp in the configuration file not taking
    effect.
  • Stale Google safe search domains list (#​7155).
  • Bing safe search from Edge sidebar (#​7154).
  • Text overflow on the query log page (#​7119).
Known issues

  • Due to the complexity of the Windows permissions architecture and poor support
    from the standard Go library, we have to postpone the proper automated Windows
    fix until the next release.

    Temporary workaround: Set the permissions of the AdGuardHome directory
    to more restrictive ones manually. To do that:

    1. Locate the AdGuardHome directory.
    2. Right-click on it and navigate to Properties → Security → Advanced.
    3. (You might need to disable permission inheritance to make them more
      restricted.)
    4. Adjust to give the Full control access to only the user which runs
      AdGuard Home. Typically, Administrator.

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [adguard/adguardhome](https://adguard.com/en/adguard-home/overview.html) ([source](https://github.com/AdguardTeam/AdGuardHome)) | patch | `v0.107.52` -> `v0.107.53` | --- ### Release Notes <details> <summary>AdguardTeam/AdGuardHome (adguard/adguardhome)</summary> ### [`v0.107.53`](https://github.com/AdguardTeam/AdGuardHome/blob/HEAD/CHANGELOG.md#v010753---2024-10-03) [Compare Source](https://github.com/AdguardTeam/AdGuardHome/compare/v0.107.52...v0.107.53) See also the [v0.107.53 GitHub milestone][ms-v0.107.53]. ##### Security - Previous versions of AdGuard Home allowed users to add any system file it had access to as filters, exposing them to be world-readable. To prevent this, AdGuard Home now allows adding filtering-rule list files only from files matching the patterns enumerated in the `filtering.safe_fs_patterns` property in the configuration file. We thank [@&#8203;itz-d0dgy](https://github.com/itz-d0dgy) for reporting this vulnerability, designated CVE-2024-36814, to us. - Additionally, AdGuard Home will now try to change the permissions of its files and directories to more restrictive ones to prevent similar vulnerabilities as well as limit the access to the configuration. We thank [@&#8203;go-compile](https://github.com/go-compile) for reporting this vulnerability, designated CVE-2024-36586, to us. - Go version has been updated to prevent the possibility of exploiting the Go vulnerabilities fixed in [1.23.2][go-1.23.2]. ##### Added - Support for 64-bit RISC-V architecture ([#&#8203;5704]). - Ecosia search engine is now supported in safe search ([#&#8203;5009]). ##### Changed - Upstream server URL domain names requirements has been relaxed and now follow the same rules as their domain specifications. ##### Configuration changes In this release, the schema version has changed from 28 to 29. - The new array `filtering.safe_fs_patterns` contains glob patterns for paths of files that can be added as local filtering-rule lists. The migration should add list files that have already been added, as well as the default value, `$DATA_DIR/userfilters/*`. ##### Fixed - Property `clients.runtime_sources.dhcp` in the configuration file not taking effect. - Stale Google safe search domains list ([#&#8203;7155]). - Bing safe search from Edge sidebar ([#&#8203;7154]). - Text overflow on the query log page ([#&#8203;7119]). ##### Known issues - Due to the complexity of the Windows permissions architecture and poor support from the standard Go library, we have to postpone the proper automated Windows fix until the next release. **Temporary workaround:** Set the permissions of the `AdGuardHome` directory to more restrictive ones manually. To do that: 1. Locate the `AdGuardHome` directory. 2. Right-click on it and navigate to *Properties → Security → Advanced.* 3. (You might need to disable permission inheritance to make them more restricted.) 4. Adjust to give the `Full control` access to only the user which runs AdGuard Home. Typically, `Administrator`. [#&#8203;5009]: https://github.com/AdguardTeam/AdGuardHome/issues/5009 [#&#8203;5704]: https://github.com/AdguardTeam/AdGuardHome/issues/5704 [#&#8203;7119]: https://github.com/AdguardTeam/AdGuardHome/issues/7119 [#&#8203;7154]: https://github.com/AdguardTeam/AdGuardHome/pull/7154 [#&#8203;7155]: https://github.com/AdguardTeam/AdGuardHome/pull/7155 [go-1.23.2]: https://groups.google.com/g/golang-announce/c/NKEc8VT7Fz0 [ms-v0.107.53]: https://github.com/AdguardTeam/AdGuardHome/milestone/88?closed=1 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOC45My4wIiwidXBkYXRlZEluVmVyIjoiMzguOTMuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
renovatebot added 1 commit 2024-10-03 09:00:41 -04:00
⬆️ Update adguard/adguardhome Docker tag to v0.107.53
All checks were successful
Lint on PR / Lint YAML files (pull_request) Successful in 9s
Details
b2c49c62cf
mafyuh added 1 commit 2024-10-05 01:07:34 -04:00
Merge branch 'main' into renovate/adguard-adguardhome-0.x
All checks were successful
Lint on PR / Lint YAML files (pull_request) Successful in 9s
Details
Deploy to Hosts / deploy (pull_request) Successful in 8s
Details
630b91dc6b
mafyuh merged commit cb77aeb5f1 into main 2024-10-05 01:07:44 -04:00
mafyuh deleted branch renovate/adguard-adguardhome-0.x 2024-10-05 01:07:45 -04:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
ansible

   
bug

Something is not working

  
docker

   
duplicate

This issue or pull request already exists

  
enhancement

New feature

  
help wanted

Need some help

  
invalid

Something is wrong

  
kubernetes

   
opentofu

   
packer

   
question

More information is needed

  
renovate

   
wontfix

This won't be fixed

No labels
ansible
bug
docker
duplicate
enhancement
help wanted
invalid
kubernetes
opentofu
packer
question
renovate
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: mafyuh/iac#250
No description provided.
Delete branch "renovate/adguard-adguardhome-0.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?