diff options
author | Douwe Maan <douwe@gitlab.com> | 2017-03-15 20:09:08 +0000 |
---|---|---|
committer | DJ Mountney <david@twkie.net> | 2017-03-17 19:15:23 -0700 |
commit | f501ead612314afb06be8c1b15739a04c9ea73ff (patch) | |
tree | 4f7cea119641ebc2ac9c7772837bfe936b293018 /changelogs | |
parent | c0873f946c27da9696d026860d7d2f1e768c8ebc (diff) | |
download | gitlab-ce-f501ead612314afb06be8c1b15739a04c9ea73ff.tar.gz |
Merge branch 'ssrf' into 'security'
Protect server against SSRF in project import URLs
See merge request !2068
Diffstat (limited to 'changelogs')
-rw-r--r-- | changelogs/unreleased/ssrf-protections.yml | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/changelogs/unreleased/ssrf-protections.yml b/changelogs/unreleased/ssrf-protections.yml new file mode 100644 index 00000000000..8d803738009 --- /dev/null +++ b/changelogs/unreleased/ssrf-protections.yml @@ -0,0 +1,4 @@ +--- +title: To protect against Server-side Request Forgery project import URLs are now prohibited against localhost or the server IP except for the assigned instance URL and port. Imports are also prohibited from ports below 1024 with the exception of ports 22, 80, and 443. +merge_request: +author: |