Hi,

this should already be fixed by https://github.com/oVirt/ovirt-dwh/pull/38 included in ovirt-engine-dwh-4.5.3,
which should be part of upcoming oVirt 4.5.1 release.

Regards,
Martin


On Tue, Jun 14, 2022 at 1:20 PM Igor Davidoff <igor.davidoff@cloudkleyer.de> wrote:
according to grafana:

https://grafana.com/blog/2022/02/08/grafana-7.5.15-and-8.3.5-released-with-moderate-severity-security-fixes/

it was the security fix CSRF (CVE-2022-21703) for version 7.5.15 and 8.3.5.
As ovirt engine uses httpd as reverse proxy and the grafana V. 7.5.15:
******
# grafana-server -v
Version 7.5.15 (commit: NA, branch: master)
******
the described configuration of "ProxyPreserveHost" for Host header is needed!

Can the dev. team take this configuration to  /etc/httpd/conf.d/ovirt-engine-grafana-proxy.conf
for the next update?

It is not the option to change the default config after every update.
_______________________________________________
Users mailing list -- users@ovirt.org
To unsubscribe send an email to users-leave@ovirt.org
Privacy Statement: https://www.ovirt.org/privacy-policy.html
oVirt Code of Conduct: https://www.ovirt.org/community/about/community-guidelines/
List Archives: https://lists.ovirt.org/archives/list/users@ovirt.org/message/HBVS4U2NK5XWPGCNOHCZLMUL544ZZI36/


--
Martin Perina
Manager, Software Engineering
Red Hat Czech s.r.o.