From 7f600e7e430353cdacd2edd915202c92b8d02f95 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 5 Mar 2026 16:09:52 +0100 Subject: [PATCH 1/3] chore(deps): bump immutable from 4.3.7 to 4.3.8 in /web-frontend (#4917) Bumps [immutable](https://github.com/immutable-js/immutable-js) from 4.3.7 to 4.3.8. - [Release notes](https://github.com/immutable-js/immutable-js/releases) - [Changelog](https://github.com/immutable-js/immutable-js/blob/main/CHANGELOG.md) - [Commits](https://github.com/immutable-js/immutable-js/compare/v4.3.7...v4.3.8) --- updated-dependencies: - dependency-name: immutable dependency-version: 4.3.8 dependency-type: indirect ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- web-frontend/yarn.lock | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/web-frontend/yarn.lock b/web-frontend/yarn.lock index b26daa16ef..675f1a885f 100644 --- a/web-frontend/yarn.lock +++ b/web-frontend/yarn.lock @@ -7227,9 +7227,9 @@ image-meta@^0.2.2: integrity sha512-3MOLanc3sb3LNGWQl1RlQlNWURE5g32aUphrDyFeCsxBTk08iE3VNe4CwsUZ0Qs1X+EfX0+r29Sxdpza4B+yRA== immutable@^4.0.0: - version "4.3.7" - resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.3.7.tgz#c70145fc90d89fb02021e65c84eb0226e4e5a381" - integrity sha512-1hqclzwYwjRDFLjcFxOM5AYkkG0rpFPpr1RLPMEuGczoS7YA8gLhy8SWXYRAA/XwfEHpfo3cw5JGioS32fnMRw== + version "4.3.8" + resolved "https://registry.yarnpkg.com/immutable/-/immutable-4.3.8.tgz#02d183c7727fb2bb1d5d0380da0d779dce9296a7" + integrity sha512-d/Ld9aLbKpNwyl0KiM2CT1WYvkitQ1TSvmRtkcV8FKStiDoA7Slzgjmb/1G2yhKM1p0XeNOieaTbFZmU1d3Xuw== import-fresh@^3.2.1, import-fresh@^3.3.0: version "3.3.1" From 30906040c657c0e35f3c599753b4d586d5a30cf5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A9r=C3=A9mie=20Pardou?= <571533+jrmi@users.noreply.github.com> Date: Thu, 5 Mar 2026 17:07:39 +0100 Subject: [PATCH 2/3] feat: allow to configure CERT requirement for Redis (#4930) * Add missing part in the redis url --- .env.example | 2 ++ backend/src/baserow/config/settings/base.py | 13 ++++++++++++- deploy/all-in-one/README.md | 2 ++ docker-compose.dev.yml | 2 ++ docker-compose.no-caddy.yml | 2 ++ docker-compose.yml | 4 +++- docs/installation/install-with-docker.md | 2 ++ docs/installation/install-with-k8s.md | 2 ++ docs/technical/introduction.md | 3 +++ 9 files changed, 30 insertions(+), 2 deletions(-) diff --git a/.env.example b/.env.example index f5a17fcff7..2ab5925dc9 100644 --- a/.env.example +++ b/.env.example @@ -32,6 +32,8 @@ DATABASE_NAME=baserow # REDIS_PROTOCOL= # REDIS_URL= # REDIS_USER= +# REDIS_SSL_CERT_REQS= +# REDIS_SSL_CA_CERTS= # Uncomment and set these to enable Baserow to send emails. # EMAIL_SMTP= diff --git a/backend/src/baserow/config/settings/base.py b/backend/src/baserow/config/settings/base.py index 42305d83fc..472c98ae5f 100644 --- a/backend/src/baserow/config/settings/base.py +++ b/backend/src/baserow/config/settings/base.py @@ -158,9 +158,20 @@ REDIS_USERNAME = os.getenv("REDIS_USER", "") REDIS_PASSWORD = os.getenv("REDIS_PASSWORD", "") REDIS_PROTOCOL = os.getenv("REDIS_PROTOCOL", "redis") +REDIS_SSL_CERT_REQS = os.getenv("REDIS_SSL_CERT_REQS", "required") +REDIS_SSL_CA_CERTS = os.getenv("REDIS_SSL_CA_CERTS", "") + +redis_auth = f"{REDIS_USERNAME}:{REDIS_PASSWORD}@" if REDIS_USERNAME else "" +redis_url_suffix = ( + (f"?ssl_cert_reqs={REDIS_SSL_CERT_REQS}" if REDIS_PROTOCOL == "rediss" else "") + + f"&ssl_ca_certs={REDIS_SSL_CA_CERTS}" + if REDIS_SSL_CA_CERTS + else "" +) + REDIS_URL = os.getenv( "REDIS_URL", - f"{REDIS_PROTOCOL}://{REDIS_USERNAME}:{REDIS_PASSWORD}@{REDIS_HOST}:{REDIS_PORT}/0", + f"{REDIS_PROTOCOL}://{redis_auth}{REDIS_HOST}:{REDIS_PORT}/0{redis_url_suffix}", ) BASEROW_GROUP_STORAGE_USAGE_QUEUE = os.getenv( diff --git a/deploy/all-in-one/README.md b/deploy/all-in-one/README.md index 5d8a24d98c..9b55d2b9d3 100644 --- a/deploy/all-in-one/README.md +++ b/deploy/all-in-one/README.md @@ -283,6 +283,8 @@ docker run \ -e REDIS_PASSWORD=TODO \ -e REDIS_PORT=TODO \ -e REDIS_PROTOCOL=TODO \ + -e REDIS_SSL_CERT_REQS=TODO \ + -e REDIS_SSL_CA_CERTS=TODO \ -v baserow_data:/baserow/data \ -p 80:80 \ -p 443:443 \ diff --git a/docker-compose.dev.yml b/docker-compose.dev.yml index acecc950a2..f9590320df 100644 --- a/docker-compose.dev.yml +++ b/docker-compose.dev.yml @@ -187,6 +187,8 @@ services: REDIS_PORT: REDIS_PROTOCOL: REDIS_URL: + REDIS_SSL_CERT_REQS: + REDIS_SSL_CA_CERTS: REDIS_USER: REDIS_PASSWORD: ${REDIS_PASSWORD:?} volumes: diff --git a/docker-compose.no-caddy.yml b/docker-compose.no-caddy.yml index b5e0016d87..451eed5e1c 100644 --- a/docker-compose.no-caddy.yml +++ b/docker-compose.no-caddy.yml @@ -52,6 +52,8 @@ x-backend-variables: REDIS_PROTOCOL: REDIS_URL: REDIS_USER: + REDIS_SSL_CERT_REQS: + REDIS_SSL_CA_CERTS: # Set these to enable Baserow to send emails. EMAIL_SMTP: diff --git a/docker-compose.yml b/docker-compose.yml index 7470288671..6d4b33c640 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -64,6 +64,8 @@ x-backend-variables: REDIS_PROTOCOL: REDIS_URL: REDIS_USER: + REDIS_SSL_CERT_REQS: + REDIS_SSL_CA_CERTS: # Set these to enable Baserow to send emails. EMAIL_SMTP: @@ -384,7 +386,7 @@ services: test: [ "CMD-SHELL", - "/baserow/backend/docker/docker-entrypoint.sh celery-beat-healthcheck" + "/baserow/backend/docker/docker-entrypoint.sh celery-beat-healthcheck", ] interval: 30s timeout: 10s diff --git a/docs/installation/install-with-docker.md b/docs/installation/install-with-docker.md index 30f4776b81..fea5871d45 100644 --- a/docs/installation/install-with-docker.md +++ b/docs/installation/install-with-docker.md @@ -260,6 +260,8 @@ docker run \ -e REDIS_PASSWORD=TODO \ -e REDIS_PORT=TODO \ -e REDIS_PROTOCOL=TODO \ + -e REDIS_SSL_CERT_REQS=TODO \ + -e REDIS_SSL_CA_CERTS=TODO \ -v baserow_data:/baserow/data \ -p 80:80 \ -p 443:443 \ diff --git a/docs/installation/install-with-k8s.md b/docs/installation/install-with-k8s.md index 3037880ad3..8febe3c3f4 100644 --- a/docs/installation/install-with-k8s.md +++ b/docs/installation/install-with-k8s.md @@ -44,6 +44,8 @@ stringData: REDIS_USER: "TODO" REDIS_PASSWORD: "TODO" REDIS_PROTOCOL: "TODO rediss or redis" + REDIS_SSL_CERT_REQS: "TODO required or optional or none" \ + REDIS_SSL_CA_CERTS: "TODO" BASEROW_AMOUNT_OF_GUNICORN_WORKERS: "5" # S3 Compatible storage is recommended with K8S to get the exports and file storage working # See the docs for more info https://baserow.io/docs/installation%2Fconfiguration#user-file-upload-configuration diff --git a/docs/technical/introduction.md b/docs/technical/introduction.md index 9f75608e51..41f1616987 100644 --- a/docs/technical/introduction.md +++ b/docs/technical/introduction.md @@ -121,6 +121,9 @@ are accepted. * `REDIS_PASSWORD` (default ``): The password of the Redis server. * `REDIS_PROTOCOL` (default `redis`): The redis protocol. Can either be `redis` or `rediss`. +* `REDIS_SSL_CERT_REQS` (default `required`): whether the SSL certificate is required. + Can either be `required`, `optional` or `none`. +* `REDIS_SSL_CA_CERTS` (default ``): The path to the CA file. * `EMAIL_SMTP` (default ``): Providing anything other than an empty string will enable SMTP email. * `EMAIL_SMTP_HOST` (default `localhost`): The hostname of the SMTP server. From 7508b8663a4c425aa61b098a1a705ee57be385e3 Mon Sep 17 00:00:00 2001 From: Davide Silvestri <75379892+silvestrid@users.noreply.github.com> Date: Thu, 5 Mar 2026 18:46:43 +0100 Subject: [PATCH 3/3] fix: redis auth parameters (#4931) * fix redis auth * check only for password --- backend/src/baserow/config/settings/base.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/backend/src/baserow/config/settings/base.py b/backend/src/baserow/config/settings/base.py index 472c98ae5f..d3bd1fcabc 100644 --- a/backend/src/baserow/config/settings/base.py +++ b/backend/src/baserow/config/settings/base.py @@ -161,7 +161,7 @@ REDIS_SSL_CERT_REQS = os.getenv("REDIS_SSL_CERT_REQS", "required") REDIS_SSL_CA_CERTS = os.getenv("REDIS_SSL_CA_CERTS", "") -redis_auth = f"{REDIS_USERNAME}:{REDIS_PASSWORD}@" if REDIS_USERNAME else "" +redis_auth = f"{REDIS_USERNAME}:{REDIS_PASSWORD}@" if REDIS_PASSWORD else "" redis_url_suffix = ( (f"?ssl_cert_reqs={REDIS_SSL_CERT_REQS}" if REDIS_PROTOCOL == "rediss" else "") + f"&ssl_ca_certs={REDIS_SSL_CA_CERTS}"