From f3c2e0de477017995741bbc5fe040068def2b11d Mon Sep 17 00:00:00 2001 From: William Dumont Date: Thu, 19 Sep 2024 11:01:31 +0200 Subject: [PATCH 1/2] add quotes windows path (#7028) --- packaging/grafana-agent-flow/windows/install_script.nsis | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/packaging/grafana-agent-flow/windows/install_script.nsis b/packaging/grafana-agent-flow/windows/install_script.nsis index 0d06eae01d76..7df80ab40d34 100644 --- a/packaging/grafana-agent-flow/windows/install_script.nsis +++ b/packaging/grafana-agent-flow/windows/install_script.nsis @@ -97,7 +97,7 @@ Section "install" Call InitializeRegistry # Create the service. - nsExec::ExecToLog 'sc create "Grafana Agent Flow" start= delayed-auto binpath= "$INSTDIR\grafana-agent-service-windows-amd64.exe"' + nsExec::ExecToLog 'sc create "Grafana Agent Flow" start= delayed-auto binpath= "\"$INSTDIR\grafana-agent-service-windows-amd64.exe\""' Pop $0 # Start the service. @@ -135,7 +135,7 @@ Function InitializeRegistry nsExec::ExecToLog 'Reg.exe query "${REGKEY}" /reg:64 /ve' Pop $0 ${If} $0 == 1 - nsExec::ExecToLog 'Reg.exe add "${REGKEY}" /reg:64 /ve /d "$INSTDIR\grafana-agent-flow-windows-amd64.exe"' + nsExec::ExecToLog 'Reg.exe add "${REGKEY}" /reg:64 /ve /d "\"$INSTDIR\grafana-agent-flow-windows-amd64.exe\""' Pop $0 # Ignore return result ${EndIf} From c3afc73e5b08bd47148caf3baee775c8d4886de2 Mon Sep 17 00:00:00 2001 From: William Dumont Date: Thu, 19 Sep 2024 12:02:40 +0200 Subject: [PATCH 2/2] update version to v0.43.1 (#7030) --- CHANGELOG.md | 7 +++++++ docs/sources/_index.md | 2 +- static/operator/defaults.go | 2 +- tools/gen-versioned-files/agent-version.txt | 2 +- 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 908f0b979803..ead4a81b5550 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,13 @@ internal API changes are not present. Main (unreleased) ----------------- +v0.43.1 (2024-09-19) +------------------------- + +### Security fixes + +- Add quotes to windows service path to prevent path interception attack. (@wildum) + v0.43.0 (2024-09-11) ------------------------- diff --git a/docs/sources/_index.md b/docs/sources/_index.md index b5ca3d7b16d7..89e001d80ad0 100644 --- a/docs/sources/_index.md +++ b/docs/sources/_index.md @@ -9,7 +9,7 @@ title: Grafana Agent description: Grafana Agent is a flexible, performant, vendor-neutral, telemetry collector weight: 350 cascade: - AGENT_RELEASE: v0.43.0 + AGENT_RELEASE: v0.43.1 OTEL_VERSION: v0.96.0 refs: variants: diff --git a/static/operator/defaults.go b/static/operator/defaults.go index b1f8ce43fc15..1f61a219f6a3 100644 --- a/static/operator/defaults.go +++ b/static/operator/defaults.go @@ -2,7 +2,7 @@ package operator // Supported versions of the Grafana Agent. var ( - DefaultAgentVersion = "v0.43.0" + DefaultAgentVersion = "v0.43.1" DefaultAgentBaseImage = "grafana/agent" DefaultAgentImage = DefaultAgentBaseImage + ":" + DefaultAgentVersion ) diff --git a/tools/gen-versioned-files/agent-version.txt b/tools/gen-versioned-files/agent-version.txt index e38880d6a2a4..134def0bfbdc 100644 --- a/tools/gen-versioned-files/agent-version.txt +++ b/tools/gen-versioned-files/agent-version.txt @@ -1 +1 @@ -v0.43.0 \ No newline at end of file +v0.43.1 \ No newline at end of file