As part of a proactive security audit, we discovered and corrected the following vulnerability. We recommend all self-hosted installations of Humio update to the latest security release.
Insecure deserialization of YAML
Status: Fixed in Humio 1.10.1
Fixed an issue related to insecure deserilization of YAML files in our Dashboard Template files. The issue would have made it possible for an authenticated user to craft a recursive YAML file that when uploaded would exhaust the node responsible for reading the file. We found no evidence that this exploit have been utilized on our cloud.