Release date: 8 March 2021
Bug Fixes
- The FileSystem bucket provider was previously enabled by default on new installations and disabled on upgrades. For security reasons related to the risk of exposing sensitive areas of an operating system configuration and settings, we now discourage the use of FileSystem. Therefore, the provider is now disabled by default in both new installation and upgrade scenarios.
A newweb.config
setting is available to control the use of FileSystem buckets:Buckets.FileSystem.Allowlist
. Considering that FileSystem is now disabled by default, if you nevertheless decide to opt for this provider, you first need to enable it, and then explicitly specify the FileSystem locations you want to make available for storage using the new setting.Buckets.FileSystem.Allowlist
has no default value, so no FileSystem paths can initially be used. Only paths subsequently added to this allowlist by the administrator are accessible.
Please refer to Using the FileSystem Storage Allowlist Securely before configuringBuckets.FileSystem.Allowlist
.
We have added two new parameters toPublish-Orchestrator.ps1
script to help you manage the bucket providers you opt for:bucketsAvailableProviders
andbucketsFileSystemAllowlist
. For more details, see Publish-Orchestrator.ps1 Parameters.
The Platform Configuration Tool performs new checks targeting FileSystem buckets. Specifically, the tool looks for all FileSystem buckets and ensures that their root path is configured inBuckets.FileSystem.Allowlist
app setting. To find out more about these checks, refer to the Platform Configuration Tool page.
No authentication was required to access Orchestrator storage if the file path was known. This behavior no longer occurs.
Updated about a year ago