infisical

v0.160.1 Security

This release includes 1 security fix, relevant to security teams reviewing exposed deployments.

Published 15d Secrets & Credentials
✓ No known CVEs patched
This release patches 1 known CVE

Topics

acme certificate-management cli environment-variables go node-js
pki postgresql private-ca secrets-management secret-manager secret-scanning security security-tools typescript

Affected surfaces

auth rbac

Summary

AI summary

Fixes honey token trigger, removes cert manager block, adds per-job cron timeout, and introduces browser-based RDP client with session recording for PAM.

Changes in this release

Security Medium

Fixed padding oracle RSA vulnerability on SCEP

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Feature Medium

Browser-based RDP client with session recording and playback added for PAM

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high

Feature Medium

Allowed duplication of secrets between environments

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high

Feature Medium

Added bypass approvals for PAM access requests

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high

Feature Medium

Per-connection concurrency admission made atomic; retry budget extended to 60 minutes

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Feature Medium

Added PVC for session recording persistence in gateway Helm chart

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Feature Medium

Implemented extensible window error tracking system for audit log streams

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Feature Medium

Resolved Entra SCIM replace issue

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Performance Medium

Improved EST Authentication

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high

Performance Medium

Decreased gateway health check interval for HA

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Bugfix Medium

Bug fix for honey token trigger

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high

Bugfix Medium

Removed block for cert manager project endpoints

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high

Bugfix Medium

Explicit project ID requests no longer throw BadRequestError

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high

Bugfix Medium

Removed BadRequestError on multiple cert-manager projects

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: high

Bugfix Medium

Show multiple actions in org roles page

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Other Medium

Per-job timeout for daily resource cleanup

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Other Medium

Slug format validated on frontend; unique constraint error thrown on backend

Source: granite4.1:8b-q6_K@2026-05-19

Confidence: low

Full changelog

What's Changed

  • fix: bug fix for honey token trigger by @mathnogueira in https://github.com/Infisical/infisical/pull/6460
  • fix: removed block for cert manager project endpoints by @sheensantoscapadngan in https://github.com/Infisical/infisical/pull/6511
  • chore(cron): per-job timeout for daily resource cleanup by @victorvhs017 in https://github.com/Infisical/infisical/pull/6506
  • improvement: decrease gateway health check interval for HA by @saifsmailbox98 in https://github.com/Infisical/infisical/pull/6432
  • fix: explicit project id requests throw BadRequestError by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6512
  • fix: remove BadRequestError on multiple cert-manager projects by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6514
  • fix(secret-sync): make per-connection concurrency admission atomic and extend retry budget to 60 min by @scott-ray-wilson in https://github.com/Infisical/infisical/pull/6467
  • feat(pam): browser-based RDP client with session recording and playback by @bernie-g in https://github.com/Infisical/infisical/pull/6403
  • chore: validate slug format on FE and throw unique constrain error on BE by @Thiago-AS in https://github.com/Infisical/infisical/pull/6489
  • feat(secrets): allow duplication of secrets between environments by @adilsitos in https://github.com/Infisical/infisical/pull/6388
  • fix: padding oracle RSA on SCEP by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6411
  • feat(pam): add bypass approvals for PAM access requests by @saifsmailbox98 in https://github.com/Infisical/infisical/pull/6263
  • feat(gateway-helm): add PVC for session recording persistence by @x032205 in https://github.com/Infisical/infisical/pull/6491
  • feat(api): adds extensible window error tracking system for audit log streams by @Thiago-AS in https://github.com/Infisical/infisical/pull/6470
  • fix: show multiple actions in org roles page by @mathnogueira in https://github.com/Infisical/infisical/pull/6528
  • fix: improve EST Authentication by @carlosmonastyrski in https://github.com/Infisical/infisical/pull/6428
  • feat: resolved entra scim replace issue by @akhilmhdh in https://github.com/Infisical/infisical/pull/6525

Full Changelog: https://github.com/Infisical/infisical/compare/v0.160.0...v0.160.1

Security Fixes

  • Fix padding oracle RSA vulnerability on SCEP

About infisical

Infisical is the open-source platform for secrets, certificates, and privileged access management.
