From 44293830513a6c512225e8d7c100b2252c52f211 Mon Sep 17 00:00:00 2001
From: Thomas Gerbet
Date: Tue, 3 Dec 2024 22:45:06 +0100
Subject: [PATCH] authentik: flag with `knownVulnerabilities`

The bump to 2024.10.x is currently stalled in #345940. The fix for CVE-2024-52289 involves a backward incompatible API and DB change so it is also not great for a backport even if we cherry-picks the security fixes. Given no NixOS module is available in nixpkgs marking the package with `knownVulnerabilities` should have a limited impact.

(cherry picked from commit 384f6f592b99f7ed384da7282d6aa6166eae075b)
---
 pkgs/by-name/au/authentik/package.nix | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkgs/by-name/au/authentik/package.nix b/pkgs/by-name/au/authentik/package.nix
index ed1da779fb23e..4915cc4a1fbc3 100644
--- a/pkgs/by-name/au/authentik/package.nix
+++ b/pkgs/by-name/au/authentik/package.nix
@@ -30,6 +30,12 @@ let
 license = licenses.mit;
 platforms = platforms.linux;
 maintainers = with maintainers; [ jvanbruegge risson ];
+ knownVulnerabilities = [
+ "CVE-2024-52307"
+ "CVE-2024-52287"
+ "CVE-2024-52289"
+ "Authentik 2024.6.x is end-of-life, consider using https://github.com/nix-community/authentik-nix for an up-to-date alternative"
+ ];
 };

 website = buildNpmPackage {
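Review bot: The new `knownVulnerabilities` list has no in-file record of why the package is flagged instead of patched, or of when the flag can be dropped; that rationale exists only in the commit message. A comment above the list would keep the flag from going stale or being removed early, for example `# Drop once the bump to 2024.10.x (#345940) lands; the CVE-2024-52289 fix needs an incompatible API/DB change, so it is not backported.` The bare CVE ids are also all a user sees when evaluation is refused, so a few words of impact or an advisory link in each string would help them decide whether to allow-list the package through `permittedInsecurePackages`. The attribute set being edited sits in a `let` that opens outside the hunk, so presumably every derivation sharing this `meta` inherits the flag; worth confirming that is intended.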