1.6.3 Security Release
Modified on: Mon, 17 May, 2021 at 1:40 PM
The nonce values included in Authentication Requests sent by Singularity Enterprise may not contain sufficient entropy as specified by the OpenID Connect Core 1.0 specification, due to a deficiency in the github.com/satori/go.uuid module used to generate nonce values.
A patch is available in versions 1.2 through 1.6 of Singularity Enterprise, and customers are encouraged to upgrade. The patch is included in the following versions:
No remediation is available, customers are encouraged to upgrade to a patched version.
For more information
If you have any questions or comments about this advisory, please contact firstname.lastname@example.org.
Did you find it helpful?
Sorry we couldn't be helpful. Help us improve this article with your feedback.