This vulnerability is critical.
This critical vulnerability allows authenticated users to remotely execute code within the Onyxia-API, with potential consequences such as unauthorized access to other users' environments and denial-of-service attacks.
Versions 7 and below are no longer supported. Upgrade to a newer version to resolve this issue.
Version 8 is built on Onyxia API v2.x. To update, use Onyxia chart v8.27.16 and explicitly set the API tag to v2.8.2 or later.
Version 9 is built on Onyxia API v3.x. To update, use Onyxia chart v9.2.1 and explicitly set the API tag to v3.1.1 or later.
Version 10 is built on Onyxia API v4.x. You can use Onyxia chart v10.4.0 or later.
For versions 8 and 9, you need to modify `values.yaml` to set the API tag explicitly.
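To check several deployments against the version requirements listed above, the following added example (not Onyxia project code) compares each chart version and explicitly set API tag with the fixed releases. The function names, the inventory, the handling of chart majors above 10 and the rejection of API tags from another major line are assumptions made for illustration.

```python
import re

# Fixed versions from the advisory: chart major -> (min chart, min API tag).
FIXED = {
    8: ((8, 27, 16), (2, 8, 2)),
    9: ((9, 2, 1), (3, 1, 1)),
    10: ((10, 4, 0), None),  # no API tag override called for
}

def parse(version):
    """Turn 'v8.27.16' or '8.27.16' into (8, 27, 16); reject anything else."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", version.strip())
    if not m:
        raise ValueError(f"unrecognised version: {version!r}")
    return tuple(int(p) for p in m.groups())

def assess(chart_version, api_tag=None):
    """Return (ok, reason). api_tag is the explicitly set API image tag, or None."""
    chart = parse(chart_version)
    if chart[0] <= 7:
        return False, "unsupported release line"
    # Assumption: majors above 10 are covered by "v10.4.0 and after".
    min_chart, min_api = FIXED.get(chart[0], FIXED[10])
    if chart < min_chart:
        return False, "chart older than v" + ".".join(map(str, min_chart))
    if min_api is None:
        return True, "chart at or above the fixed release"
    if api_tag is None:
        return False, "API tag not set explicitly"
    api = parse(api_tag)
    # Assumption: a tag from another API major is flagged rather than trusted.
    if api[0] != min_api[0]:
        return False, f"API tag is not on the v{min_api[0]}.x line"
    if api < min_api:
        return False, "API tag older than v" + ".".join(map(str, min_api))
    return True, "chart and API tag at or above the fixed releases"

# Constructed inventory for illustration: (name, chart version, API tag).
INVENTORY = [
    ("lab-a", "v8.27.16", "v2.8.2"),
    ("lab-b", "9.2.1", None),
    ("lab-c", "v9.1.0", "v3.1.1"),
    ("lab-d", "10.4.2", None),
    ("lab-e", "7.9.0", "v2.8.2"),
]

if __name__ == "__main__":
    for name, chart, tag in INVENTORY:
        ok, reason = assess(chart, tag)
        print(f"{name}: {'OK' if ok else 'ACTION NEEDED'} ({reason})")
```

Versions are compared as integer tuples, so v8.27.16 correctly sorts above v8.3.0, which a plain string comparison would get wrong.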
Organizations using Onyxia in production can benefit from early notifications about security issues, receiving updates before public announcements.
How to Join
To be included in our security mailing list, please send an email to innovation@insee.fr with the following information:
Your Organization Name: Confirm that your organization is using Onyxia in production.
Contact Email(s): Provide the email addresses to be added to the mailing list.
Permission to Acknowledge Usage (Optional): Let us know if we may publicly acknowledge that your organization is using Onyxia in production (e.g., on our website or presentations).
Why Join?
Being part of this list ensures your organization stays ahead of potential vulnerabilities, enabling timely updates and minimizing risks.
We value transparency and collaboration in maintaining a secure and reliable ecosystem for all Onyxia users.