diff --git a/daprdocs/content/en/concepts/security-concept.md b/daprdocs/content/en/concepts/security-concept.md index 9c4846685..20892e71d 100644 --- a/daprdocs/content/en/concepts/security-concept.md +++ b/daprdocs/content/en/concepts/security-concept.md @@ -211,6 +211,21 @@ The Dapr threat model is below. ## Security audit +### June 2023 + +In June 2023, Dapr completed a fuzzing audit done by Ada Logics. + +The audit achieved the following: + +- OSS-Fuzz integration +- 39 new fuzzers for Dapr +- Fuzz test coverage for Dapr Runtime, Kit and Components-contrib +- All fuzzers running continuously after the audit has completed + +You can find the full report [here](/docs/Dapr-june-2023-fuzzing-audit-report.pdf). + +3 issues were found during the audit. + ### February 2021 In February 2021, Dapr went through a 2nd security audit targeting its 1.0 release by Cure53. @@ -255,4 +270,4 @@ Visit [this page]({{< ref support-security-issues.md >}}) to report a security i ## Related links -[Operational Security]({{< ref "security.md" >}}) \ No newline at end of file +[Operational Security]({{< ref "security.md" >}}) diff --git a/daprdocs/content/en/operations/support/support-release-policy.md b/daprdocs/content/en/operations/support/support-release-policy.md index aec05cfe4..704c58fe3 100644 --- a/daprdocs/content/en/operations/support/support-release-policy.md +++ b/daprdocs/content/en/operations/support/support-release-policy.md @@ -32,8 +32,8 @@ Patch support is for supported versions (current and previous). The Dapr's sidecar image is published to both [GitHub Container Registry](https://github.com/dapr/dapr/pkgs/container/daprd) and [Docker Registry](https://hub.docker.com/r/daprio/daprd/tags). The default image contains all components. From version 1.11, Dapr also offers a variation of the sidecar image, containing only stable components. -* Default sidecar images: `daprio/daprd:` or `ghcr.io/dapr/daprd:` (for example `ghcr.io/dapr/daprd:1.11.0`) -* Sidecar images for stable components: `daprio/daprd:-stablecomponents` or `ghcr.io/dapr/daprd:-stablecomponents` (for example `ghcr.io/dapr/daprd:1.11.0-stablecomponents`) +* Default sidecar images: `daprio/daprd:` or `ghcr.io/dapr/daprd:` (for example `ghcr.io/dapr/daprd:1.11.1`) +* Sidecar images for stable components: `daprio/daprd:-stablecomponents` or `ghcr.io/dapr/daprd:-stablecomponents` (for example `ghcr.io/dapr/daprd:1.11.1-stablecomponents`) On Kubernetes, the sidecar image can be overwritten for the application Deployment resource with the `dapr.io/sidecar-image` annotation. See more about [Dapr's arguments and annotations]({{}}). The default 'daprio/daprd:latest' image is used if not specified. @@ -45,6 +45,7 @@ The table below shows the versions of Dapr releases that have been tested togeth | Release date | Runtime | CLI | SDKs | Dashboard | Status | |--------------------|:--------:|:--------|---------|---------|---------| +| June 22nd 2023 | 1.11.1
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported (current) | | June 12th 2023 | 1.11.0
| 1.11.0 | Java 1.9.0
Go 1.8.0
PHP 1.1.0
Python 1.10.0
.NET 1.11.0
JS 3.1.0 | 0.13.0 | Supported (current) | | May 15th 2023 | 1.10.7
| 1.10.0 | Java 1.8.0
Go 1.7.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 3.0.0 | 0.11.0 | Supported | | May 12th 2023 | 1.10.6
| 1.10.0 | Java 1.8.0
Go 1.7.0
PHP 1.1.0
Python 1.9.0
.NET 1.10.0
JS 3.0.0 | 0.11.0 | Supported | @@ -116,8 +117,8 @@ General guidance on upgrading can be found for [self hosted mode]({{< ref self-h | | 1.9.6 | 1.10.7 | | 1.8.0 to 1.8.6 | N/A | 1.9.6 | | 1.9.0 | N/A | 1.9.6 | -| 1.10.0 | N/A | 1.10.7 | -| 1.11.0 | N/A | 1.11.0 | +| 1.10.0 | N/A | 1.10.8 | +| 1.11.0 | N/A | 1.11.1 | ## Upgrade on Hosting platforms diff --git a/daprdocs/content/en/reference/api/bindings_api.md b/daprdocs/content/en/reference/api/bindings_api.md index d0981de2b..d7170ff7b 100644 --- a/daprdocs/content/en/reference/api/bindings_api.md +++ b/daprdocs/content/en/reference/api/bindings_api.md @@ -37,6 +37,45 @@ If running on kubernetes apply the component to your cluster. > **Note:** In production never place passwords or secrets within Dapr component files. For information on securely storing and retrieving secrets using secret stores refer to [Setup Secret Store]({{< ref setup-secret-store >}}) +### Binding direction (optional) + +In some scenarios, it would be useful to provide additional information to Dapr to indicate the direction supported by the binding component. +Providing the supported binding direction helps the Dapr sidecar avoid the `"wait for the app to become ready"` state, where it waits indefinitely for the application to become available. + +You can specify the `direction` field as part of the component's metadata. The valid values for this field are: +- `"input"` +- `"output"` +- `"input, output"` + +Here a few scenarios when the `"direction"` metadata field could help: + +- When an application (detached from the sidecar) runs as a serverless workload and is scaled to zero, the `"wait for the app to become ready"` check done by the Dapr sidecar becomes pointless. + +- If the detached Dapr sidecar is scaled to zero and the application reaches the sidecar (before even starting an HTTP server), the `"wait for the app to become ready"` deadlocks the app and the sidecar into waiting for each other. + +### Example + +```yaml +apiVersion: dapr.io/v1alpha1 +kind: Component +metadata: + name: kafkaevent +spec: + type: bindings.kafka + version: v1 + metadata: + - name: brokers + value: "http://localhost:5050" + - name: topics + value: "someTopic" + - name: publishTopic + value: "someTopic2" + - name: consumerGroup + value: "group1" + - name: "direction" + value: "input, output" +``` + ## Invoking Service Code Through Input Bindings A developer who wants to trigger their app using an input binding can listen on a `POST` http endpoint with the route name being the same as `metadata.name`. diff --git a/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md b/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md index 8e5bab356..082b4403b 100644 --- a/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md +++ b/daprdocs/content/en/reference/components-reference/supported-bindings/servicebusqueues.md @@ -153,6 +153,36 @@ curl -X POST http://localhost:3500/v1.0/bindings/myServiceBusQueue \ {{< /tabs >}} +## Schedule a message + +A message can be scheduled for delayed processing. + +To schedule a message, use the `metadata` section in the request body during the binding invocation: the field name is `ScheduledEnqueueTimeUtc`. + +The supported timestamp formats are [RFC1123](https://www.rfc-editor.org/rfc/rfc1123) and [RFC3339](https://www.rfc-editor.org/rfc/rfc3339). + +{{< tabs "Linux">}} + +{{% codetab %}} + +```shell +curl -X POST http://localhost:3500/v1.0/bindings/myServiceBusQueue \ + -H "Content-Type: application/json" \ + -d '{ + "data": { + "message": "Hi" + }, + "metadata": { + "ScheduledEnqueueTimeUtc": "Tue, 02 Jan 2024 15:04:05 GMT" + }, + "operation": "create" + }' +``` + +{{% /codetab %}} + +{{< /tabs >}} + ## Related links - [Basic schema for a Dapr component]({{< ref component-schema >}}) diff --git a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md index e2916a713..a07554885 100644 --- a/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md +++ b/daprdocs/content/en/reference/components-reference/supported-middleware/middleware-bearer.md @@ -22,22 +22,30 @@ spec: version: v1 metadata: - name: audience - value: "" + value: "" - name: issuer value: "" # Optional values - name: jwksURL - value: "https://accounts.google.com/.well-known/openid-configuration" + value: "" ``` + ## Spec metadata fields | Field | Required | Details | Example | |-------|:--------:|---------|---------| | `audience` | Y | The audience expected in the tokens. Usually, this corresponds to the client ID of your application that is created as part of a credential hosted by a OpenID Connect platform. | -| `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"`, `"https://login.salesforce.com"` +| `issuer` | Y | The issuer authority, which is the value expected in the issuer claim in the tokens. | `"https://accounts.google.com"` | `jwksURL` | N | Address of the JWKS (JWK Set containing the public keys for verifying tokens). If empty, will try to fetch the URL set in the OpenID Configuration document `/.well-known/openid-configuration`. | `"https://accounts.google.com/.well-known/openid-configuration"` +Common values for `issuer` include: + +- Auth0: `https://{domain}`, where `{domain}` is the domain of your Auth0 application +- Azure AD: `https://login.microsoftonline.com/{tenant}/v2.0`, where `{tenant}` should be replaced with the tenant ID of your application, as a UUID +- Google: `https://accounts.google.com` +- Salesforce (Force.com): `https://login.salesforce.com` + ## Dapr configuration To be applied, the middleware must be referenced in [configuration]({{< ref configuration-concept.md >}}). See [middleware pipelines]({{< ref "middleware.md">}}). diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md index f18ff5355..8ff7dbd56 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-queues.md @@ -137,6 +137,8 @@ To set Azure Service Bus metadata when sending a message, set the query paramete > **Note:** The `metadata.MessageId` property does not set the `id` property of the cloud event returned by Dapr and should be treated in isolation. +> **Note:** The `metadata.ScheduledEnqueueTimeUtc` property supports the [RFC1123](https://www.rfc-editor.org/rfc/rfc1123) and [RFC3339](https://www.rfc-editor.org/rfc/rfc3339) timestamp formats. + ### Receiving a message with metadata When Dapr calls your application, it will attach Azure Service Bus message metadata to the request using either HTTP headers or gRPC metadata. diff --git a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md index 2ba349d25..7d9ab5b16 100644 --- a/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md +++ b/daprdocs/content/en/reference/components-reference/supported-pubsub/setup-azure-servicebus-topics.md @@ -142,6 +142,8 @@ To set Azure Service Bus metadata when sending a message, set the query paramete > **NOTE:** If the `metadata.SessionId` property is not set but the topic requires sessions then an empty session id will be used. +> **NOTE:** The `metadata.ScheduledEnqueueTimeUtc` property supports the [RFC1123](https://www.rfc-editor.org/rfc/rfc1123) and [RFC3339](https://www.rfc-editor.org/rfc/rfc3339) timestamp formats. + ### Receiving a message with metadata When Dapr calls your application, it will attach Azure Service Bus message metadata to the request using either HTTP headers or gRPC metadata. diff --git a/daprdocs/layouts/shortcodes/dapr-latest-version.html b/daprdocs/layouts/shortcodes/dapr-latest-version.html index a64a972f2..41d35c151 100644 --- a/daprdocs/layouts/shortcodes/dapr-latest-version.html +++ b/daprdocs/layouts/shortcodes/dapr-latest-version.html @@ -1 +1 @@ -{{- if .Get "short" }}1.11{{ else if .Get "long" }}1.11.0{{ else if .Get "cli" }}1.11.0{{ else }}1.11.0{{ end -}} +{{- if .Get "short" }}1.11{{ else if .Get "long" }}1.11.1{{ else if .Get "cli" }}1.11.0{{ else }}1.11.1{{ end -}} diff --git a/daprdocs/static/docs/Dapr-june-2023-fuzzing-audit-report.pdf b/daprdocs/static/docs/Dapr-june-2023-fuzzing-audit-report.pdf new file mode 100644 index 000000000..3a43a7dfd Binary files /dev/null and b/daprdocs/static/docs/Dapr-june-2023-fuzzing-audit-report.pdf differ