Skip to content

v1.1.5
Compare
Choose a tag to compare
@dropwhile dropwhile released this 26 Jul 17:51
· 427 commits to master since this release
v1.1.5
9b59427
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
  • Security fixes / SSRF
    • Fix: Ensure non-GET/HEAD request does not send outbound request (#35)
    • Fix: Validate redirect urls the same as initial urls (#35)
  • Split out exception for missing content types (#32)
  • Prometheus compatible metrics endpoint added (#34)
  • Disabled credential/userinfo (user:pass@ style) type urls by default.
    Added cli flag (--allow-credential-urls) to retain prior behavior (which
    allows them).
Assets 7
Loading