Merge pull request runatlantis#59 from runatlantis/release-0.3.2

Release v0.3.2
pramine · Mar 11, 2018 · 9d93674 · 9d93674
2 parents cb9470b + 8ea055e
commit 9d93674
Show file tree

Hide file tree

Showing 2 changed files with 31 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,33 @@
+# v0.3.2
+
+## Description
+This release focused on some security issues reported by @eriksw, thanks Erik!
+By default, Atlantis will be more secure now and you'll have to specify which repositories
+you want it to work on.
+
+## Features
+* New flag `--allow-fork-prs` added to `atlantis server` controls whether Atlantis will operate on pull requests from forks. Defaults to `false`.
+This flag was added because on a public repository anyone could open up a pull request to your repo and use your Atlantis
+install.
+* New mandatory flag `--repo-whitelist` added to `atlantis server` controls which repos Atlantis will operate on. This flag was added
+so that if a webhook secret is compromised (or you're not using webhook secrets) Atlantis won't be used on repos you don't control.
+* Warn if running `atlantis server` without any webhook secrets set. This is dangerous because without a webhook secret, an attacker
+could spoof requests to Atlantis.
+* Make CLI output more readable by setting a fixed column width.
+
+## Bug Fixes
+* None
+
+## Backwards Incompatibilities / Notes:
+* Must set `--allow-fork-prs` now if you want to run Atlantis on pull requests from forked repos.
+* Must set `--repo-whitelist` in order to start `atlantis server`. See `atlantis server --help` for how that flag works.
+
+## Downloads
+* [atlantis_darwin_amd64.zip](https://github.com/runatlantis/atlantis/releases/download/v0.3.2/atlantis_darwin_amd64.zip)
+* [atlantis_linux_386.zip](https://github.com/runatlantis/atlantis/releases/download/v0.3.2/atlantis_linux_386.zip)
+* [atlantis_linux_amd64.zip](https://github.com/runatlantis/atlantis/releases/download/v0.3.2/atlantis_linux_amd64.zip)
+* [atlantis_linux_arm.zip](https://github.com/runatlantis/atlantis/releases/download/v0.3.2/atlantis_linux_arm.zip)
+
 # v0.3.1
 ## Features
 * None

diff --git a/main.go b/main.go
@@ -8,7 +8,7 @@ import (
 
 func main() {
 	v := viper.New()
-	v.Set("version", "0.3.1")
+	v.Set("version", "0.3.2")
 
 	// We're creating commands manually here rather than using init() functions
 	// (as recommended by cobra) because it makes testing easier.