Skip to content

openrundev/openrun](https:

v0.15.8 Breaking

This release includes 1 breaking change for platform teams planning a safe upgrade.

Published 7mo Containers & Orchestration
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →

✓ No known CVEs patched in this version

Topics

appserver containers deployment devops-tools docker go
+7 more
htmx internal-tools kubernetes kubernetes-deployment low-code-platform self-hosted starlark

Affected surfaces

auth

Summary

AI summary

Updates Other, @akclace, and f7723f497c4afc6fbc588b169fa862b1d4878999 across a mixed release.

Full changelog

Changelog

  • Enable CSRF protection for internal APIs and for apps. App level CSRF protection is enabled by default.
    Use security.disable_csrf_protection = true to disable. Disable in app metadata by running
    openrun app update-metadata conf --promote 'security.disable_csrf_protection=true' /myapp

Other

  • 55bfca099d98add50f102c41a75657860badcbd6: Added ChangeLog.md file (@akclace)
  • f7723f497c4afc6fbc588b169fa862b1d4878999: Added OpenSSF badge (@akclace)
  • e484bb7ddf9422d85e2162db5fbd365fa03b9817: Enabled CSRF check middleware (@akclace)
  • 8f556e0bc137702efeafe70ddab12f522dbf217a: Fix date (@akclace)
  • 8cc9a98a5376caed0405db36332ad7bc23873e15: Renamed to CHANGELOG.md (@akclace)
  • 85dc94e8a44cee856d8620a88251270dc744ec1b: Updated config file (@akclace)

Breaking Changes

  • Default CSRF protection enabled for internal APIs and apps; set `security.disable_csrf_protection = true` to disable.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track openrundev/openrun](https:

Get notified when new releases ship.

Sign up free

About openrundev/openrun](https:

All releases →

Related context

Beta — feedback welcome: [email protected]