Diffstat (limited to 'releasenotes/notes/bug-cd9099c1ba78d637.yaml')
-rw-r--r-- releasenotes/notes/bug-cd9099c1ba78d637.yaml 7
1 files changed, 7 insertions, 0 deletions
diff --git a/releasenotes/notes/bug-cd9099c1ba78d637.yaml b/releasenotes/notes/bug-cd9099c1ba78d637.yaml
new file mode 100644
index 000000000..438e3c30e
--- /dev/null
+++ b/releasenotes/notes/bug-cd9099c1ba78d637.yaml
@@ -0,0 +1,7 @@
+---
+security:
+ - |
+ An open redirect has been fixed, that could redirect users to arbitrary
+ addresses from certain views by specifying a "next" parameter in the URL.
+ Now the redirect will only work if the target URL is in the same domain,
+ and uses the same protocol.
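Review bot: The note's first sentence says "certain views" without naming them, and its last sentence does not say what happens when the "next" target fails the same-domain, same-protocol check. A reader of the release notes cannot tell which pages were affected, or whether a rejected target falls back to a default page or produces an error. Suggest naming the affected views or referencing the bug report, and adding one sentence on the fallback behaviour. The first sentence would also read more cleanly as "An open redirect that could send users to arbitrary addresses from certain views by specifying a "next" parameter in the URL has been fixed."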