Security update for amber-cli
| Announcement ID: | SUSE-SU-2025:02769-1 |
|---|---|
| Release Date: | 2025-08-12T13:49:39Z |
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability and has one security fix can now be installed.
Description:
This update for amber-cli fixes the following issues:
- Update to version 1.13.1+git20250329.c2e3bb8:
- CVE-2025-30204: Fixed jwt-go excessive memory allocation during header parsing (bsc#1240511)
- jwt version upgrade (#174)
- Update policy size limit to 20k (#173)
- Update tenant user model with latest changes (#172)
- Fix/workflow (#171)
- Upgrade GO version to 1.23.6 (#170)
- Update golang jwt dependency (#169)
- Update TMS roles struct (#167)
- Update jwt dependency version (#165)
- Add changes to support JWT (#163)
- Update roles struct to be in sync with TMS (#164)
- go upgrade to 1.22.7 (#162)
- CASSINI-22266: Added permissions in ci workflow files (#153)
- Add check for missing Security.md file (#150)
- Go version upgrade to 1.22.5 (#148)
- CLI changes (#140)
- Bump github.com/hashicorp/go-retryablehttp from 0.7.4 to 0.7.7 (#147)
- Update product model to include multiple plan IDs (#146)
- Updated the help section (#145)
- Mark policy type field as not required (#144)
- Upgrade/goversion 1.22.3 (#143)
- Remove policy type and attestation type check for policy creation (#142)
- Go version upgrade 1.22.2 (#141)
- Fix error message to include the correct set of characters (#138)
- UT coverage 80.9% (#137)
- Fix push installer workflow (#136)
- 3rd party versions upgrade (#133)
- GO version upgrade to 1.22.0 (#132)
- Fix/go version 1.21.6 (#127)
- Update API key validation regex as per latest changes (#125)
- Update API key validation regex as per latest changes (#124)
- dependency version upgrade (#123)
- Update tag create model (#121)
- CASSINI-10113: Add scans in CI (#99)
- corrected minor check condition (#120)
- Add check to validate env variable before setting (#119)
- Add version-check script (#118)
- Add file path check for invalid characters (#116)
- Update compoenent version (#117)
- Update README as per suggestions (#113) (#115)
- Added HTTP scheme validation to avoid API Key leakage (#108)
- CASSINI-10987 Golang version upgrade to 1.21.4 (#114)
- Update policy model as per the latest changes (#109)
- Remove branch info from on schedule (#106)
- Add BDBA scan to CI (#104)
- Update CLI URL (#105)
- updated licenses (#102)
- Updated version of all components to v1.0.0 for GA (#100)
- Validate the email id input before requesting list of users (#98)
- Remove redundant print statements (#97)
- Request ID and trace ID should be visible on the console for errors as well (#96)
- Update sample policy as per token profile update changes (#95)
- Update CLI name from tenantclt to inteltrustauthority (#93)
- Update the headers for request and trace id (#94)
- cassini-9466-Go version update to 1.20.6 (#91)
- Add retry logic to client in tenant CLI (#92)
-
Add request-id optional parameter for each command (#90)
-
Override build date with SOURCE_DATE_EPOCH (bsc#1047218)
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.6
zypper in -t patch SUSE-2025-2769=1 openSUSE-SLE-15.6-2025-2769=1 -
Server Applications Module 15-SP6
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP6-2025-2769=1 -
Server Applications Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Server-Applications-15-SP7-2025-2769=1
Package List:
-
openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
- amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1
-
Server Applications Module 15-SP6 (aarch64 ppc64le s390x x86_64)
- amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1
-
Server Applications Module 15-SP7 (aarch64 ppc64le s390x x86_64)
- amber-cli-1.13.1+git20250329.c2e3bb8-150600.3.3.1