Metabase - v0.41.9

Security

Security fixes
* SSO users able to circumvent IdP login by doing password reset (https://github.com/metabase/metabase/security/advisories/GHSA-gw4g-ww2m-v7vc)
* GeoJSON validation doesn't prevent redirects to blocked URLs (https://github.com/metabase/metabase/security/advisories/GHSA-w5j7-4mgm-77f4)
* Arbitrary SQL execution from queryhash (https://github.com/metabase/metabase/security/advisories/GHSA-93wj-fgjg-r238)
* Remote Code Execution via H2 (https://github.com/metabase/metabase/security/advisories/GHSA-gqpj-wcr3-p88v)

Upgrading

You can download a .jar of the release, or get the latest on Docker. Make sure to back up your Metabase
database before you upgrade! Need help? Check out our
upgrading instructions.

Docker image: metabase/metabase:v0.41.9
Download the JAR here: https://downloads.metabase.com/v0.41.9/metabase.jar

Notes

SHA-256 checksum for the 0.41.9 JAR:

44fe9dc840982115f85dea5275f788d45e4e58a901cbbeec3f01aa300e27e85c

Security

Security wording was detected, but no CVEs were found.

Details

date
Oct. 25, 2022, 10:35 a.m.
name
Metabase v0.41.9
type
Patch
official page
https://github.com/metabase/metabase/releases/tag/v0.41.9
👇
Register or login to:
  • 🔍View and search all Metabase releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or