odoo-tower/admin-platform-v3
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tower 0.61.10 — Phase I review hardening

Browse Source 
Pre-test review of 0.61.9 surfaced two issues in the manifest reader:

1. v3 stores instanceCode under provenance.* but readManifestString
   only looked at recipe → root. Today the v2 root mirror covers it,
   but a future v4 dropping that mirror would silently lose the
   filestore-rename hint.

2. Adding a blanket provenance lookup re-opened the leak: a poison
   bundle could embed provenance.tenantId and have it reachable to
   any future caller.

Fix: provenance lookup is now allowlisted to {instanceCode}. Any
new provenance field requires an explicit constant addition,
which is a code-review gate against re-introducing the leak.

Round-trip simulation (tools/phase_i_simulate.go) passes for v3,
v3-pure (no v2 mirrors), v3-poison, and v2.
This commit is contained in:
Claude
2026-04-30 13:24:56 +03:00
parent 6007de6e41
commit bf0c67539e
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
values.yaml
View File

@@ -9,7 +9,7 @@ backend:
# so every cluster that runs Tower needs the same imagePullSecret
# provisioned out-of-band (until cluster-platform-v3 owns it).
repository: registry.odoosky.cloud/odoosky/docker-mirror/tower
tag: "0.61.9"
tag: "0.61.10"
pullPolicy: IfNotPresent
imagePullSecrets:
- name: docker-mirror-pull