Nixpkgs security tracker
Dismissed
(not in Nixpkgs)
by @LeSuisse Activity log
- Created suggestion
- @LeSuisse dismissed (not in Nixpkgs)
DSF: Missing Session Timeout for OIDC Sessions
The Data Sharing Framework (DSF) implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This vulnerability is fixed in 2.1.0.
References
-
https://dsf.dev/operations/v2.1.0/bpe/oidc.html x_refsource_MISC
-
https://dsf.dev/operations/v2.1.0/fhir/oidc.html x_refsource_MISC
Affected products
dsf
- ==< 2.1.0
dsf-bpe-server
- ==< 2.1.0
dsf-fhir-server
- ==< 2.1.0
dsf-common-jetty
- ==< 2.1.0
Matching in nixpkgs
pkgs.mdsf
Format markdown code blocks using your favorite tools
pkgs.dsf2flac
DSD to FLAC transcoding tool
-
nixos-unstable 0-unstable-2025-01-31
- nixpkgs-unstable 0-unstable-2025-01-31
- nixos-unstable-small 0-unstable-2025-01-31
-
nixos-25.11 0-unstable-2025-01-31
- nixos-25.11-small 0-unstable-2025-01-31
- nixpkgs-25.11-darwin 0-unstable-2025-01-31
pkgs.python312Packages.gdsfactory
Python library to generate GDS layouts
pkgs.python313Packages.gdsfactory
Python library to generate GDS layouts
pkgs.pkgsRocm.python3Packages.gdsfactory
Python library to generate GDS layouts
Package maintainers
-
@artemist Artemis Tosini <me@artem.ist>
-
@luftmensch-luftmensch Valentino Bocchetti <valentinobocchetti59@gmail.com>
-
@fedeinthemix Federico Beffa <beffa@fbengineering.ch>