Concourse upgraded to 7.8.3

We have upgraded our Concourse setups to the latest version 7.8.3. This patch release comes with some security fixes. You can check the full changelog in the Concourse releases page.

  • Fix team name overwritten bug All Concourse versions prior to v7.8.3 is vulnerable to parameter pollution that allows authorization bypass in functionality that is meant to restrict cross team actions. An user in any team could make certain http requests to trigger unauthorized activity for other teams like pausing pipelines, re-triggering builds or exposing pipelines. (#8580)
  • Bump Dex to v2.35.1 for CVE-2022-39222. (#8579)