Advisories for Golang/Github.com/Minio/Console package

Impact Unicode RIGHT-TO-LEFT OVERRIDE characters can be used to mask the original filename. Reported-By Thanks to the report from Mio Li wulilixi1@gmail.com Patches commit 17e791afb90c9ad27c65f63c6be14f2f6a3a9d60 Author: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Date: Tue May 23 08:47:12 2023 -0700 Replace RIGHT-TO-LEFT OVERRIDE unicode (#2828) Signed-off-by: Daniel Valdivia <18384552+dvaldivia@users.noreply.github.com> Workarounds Workarounds are to remove the concerned file and rewrite it properly with the right file and extensions. Avoid using RTLO characters in your filenames.

Minio console is a graphical user interface for the for MinIO operator.Users unable to upgrade should add automountServiceAccountToken: false to the operator-console deployment in Kubernetes so no service account token will get mounted inside the pod, then disable the external identity provider authentication by unset the CONSOLE_IDP_URL, CONSOLE_IDP_CLIENT_ID, CONSOLE_IDP_SECRET and CONSOLE_IDP_CALLBACK environment variable and instead use the Kubernetes service account token.