As promised, we're publishing a security advisory for a security vulnerability in flyteconsole. We recommend users to upgrade to flyteconsole v0.52.0 or greater ASAP (which corresponds to Flyte v0.19.4). As mentioned earlier, we yanked all affected versions from the official image repository. We've also reached out to affected folks individually and believe that all impacted deployments have been patched. For more details about the exploit, please visit https://github.com/flyteorg/flyteconsole/security/advisories/GHSA-www6-hf2v-v9m9.

Is there a mailing list where one could subscribe to such notifications? Or even more general? So that not needing to attend to find a vulnerability message in the middle of slack? [ I think I’ve looked around a bit … but ??? ] Thanks! How else are such things being publicized?

@austin, I'd say the monthly newsletter is the venue we're using for these wider announcements. In this specific case we reached out to the affected teams and also mentioned that in the OSS sync ups. We are also going to specifically call out the security advisory in the next newsletter.