feat: Update v3.10.21

GITSHA

@@ -0,0 +1 @@
+40d326d6a616fd877414f1cf14a886e221f3bd64

apps/authentication/api/connection_token.py

@@ -66,8 +66,6 @@ class RDPFileClientProtocolURLMixin:
             'autoreconnection enabled:i': '1',
             'bookmarktype:i': '3',
             'use redirection server name:i': '0',
-            'bitmapcachepersistenable:i': '0',
-            'bitmapcachesize:i': '1500',
         }
         # 设置多屏显示
         multi_mon = is_true(self.request.query_params.get('multi_mon'))

apps/authentication/middleware.py

@@ -36,7 +36,7 @@ class MFAMiddleware:
         # 这个是 mfa 登录页需要的请求, 也得放出来, 用户其实已经在 CAS/OIDC 中完成登录了
         white_urls = [
             'login/mfa', 'mfa/select', 'jsi18n/', '/static/',
-            '/profile/otp', '/logout/', '/media/'
+            '/profile/otp', '/logout/',
         ]
         for url in white_urls:
             if request.path.find(url) > -1:

apps/jumpserver/const.py

@@ -8,7 +8,7 @@ __all__ = ['BASE_DIR', 'PROJECT_DIR', 'VERSION', 'CONFIG']
 
 BASE_DIR = os.path.dirname(os.path.dirname(os.path.abspath(__file__)))
 PROJECT_DIR = os.path.dirname(BASE_DIR)
-VERSION = '2.0.0'
+VERSION = 'v3.10.21'
 CONFIG = ConfigManager.load_user_config()
 
 

apps/jumpserver/middleware.py

@@ -3,10 +3,10 @@
 import json
 import os
 import re
+import time
 from urllib.parse import urlparse, quote
 
 import pytz
-import time
 from django.conf import settings
 from django.core.exceptions import MiddlewareNotUsed
 from django.http.response import HttpResponseForbidden
@@ -162,16 +162,9 @@ class SafeRedirectMiddleware:
             target_host = parsed.netloc
             if target_host in [*settings.ALLOWED_HOSTS]:
                 return response
-            target_host, target_port = self._split_host_port(parsed.netloc)
+            origin = f"{request.scheme}://{request.get_host()}"
-            origin_host, origin_port = self._split_host_port(request.get_host())
+            target_origin = f"{parsed.scheme}://{target_host}"
-            if target_host != origin_host:
+            if not target_origin.startswith(origin):
                 safe_redirect_url = '%s?%s' % (reverse('redirect-confirm'), f'next={quote(location)}')
                 return redirect(safe_redirect_url)
         return response
-
-    @staticmethod
-    def _split_host_port(netloc):
-        if ':' in netloc:
-            host, port = netloc.split(':', 1)
-            return host, port
-        return netloc, '80'

pyproject.toml

@@ -1,6 +1,6 @@
 [tool.poetry]
 name = "jumpserver"
-version = "v3.9"
+version = "v3.10.21"
 description = "广受欢迎的开源堡垒机"
 authors = ["ibuler <ibuler@qq.com>"]
 license = "GPLv3"
@@ -147,7 +147,7 @@ mistune = "2.0.3"
 openai = "^1.29.0"
 xlsxwriter = "^3.1.9"
 exchangelib = "^5.1.0"
-xmlsec = "1.3.14"
+xmlsec = "1.3.13"
 lxml = "5.2.1"
 receptorctl = "^1.4.5"
 pydantic = "^2.7.4"