Diffstat (limited to 'changelogs/unreleased/ssrf-protections.yml')
-rw-r--r-- | changelogs/unreleased/ssrf-protections.yml | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/changelogs/unreleased/ssrf-protections.yml b/changelogs/unreleased/ssrf-protections.yml new file mode 100644 index 00000000000..8d803738009 --- /dev/null +++ b/changelogs/unreleased/ssrf-protections.yml @@ -0,0 +1,4 @@ +--- +title: To protect against Server-side Request Forgery project import URLs are now prohibited against localhost or the server IP except for the assigned instance URL and port. Imports are also prohibited from ports below 1024 with the exception of ports 22, 80, and 443. +merge_request: +author: |
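Review bot: `merge_request:` in the new changelog entry is left empty, so the entry cannot be traced back to the change that introduced these import restrictions; set it before merge. The `title:` is also two full sentences. A changelog title reads better as one short line, for example "Restrict project import URLs to protect against Server-Side Request Forgery", with the localhost, server IP and port rules (below 1024 except 22, 80 and 443) left to the documentation. If the long form is kept, "prohibited against localhost or the server IP" is ambiguous; "may no longer point to localhost or the server IP" says what is blocked.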