blob: 438e3c30e18b883fc9094bcca344a8aa6348fb3d
---
security:
  - |
    An open redirect has been fixed that could redirect users to arbitrary
    addresses from certain views by specifying a "next" parameter in the URL.
    The redirect now works only if the target URL is in the same domain
    and uses the same protocol.
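
The same-domain, same-protocol rule described in this note, sketched as an added example; this is not the project's own code, which the page does not show. The function names, the `portal.example` host and the sample targets are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit


def is_safe_redirect(target, request_scheme, request_host):
    """Return True only if `target` stays on the requesting site.

    Hypothetical helper: `request_scheme` and `request_host` describe the
    request that carried the "next" parameter.
    """
    if not target or "\\" in target:
        # Browsers treat a backslash like a slash, so "/\host" leaves the site.
        return False
    # Spaces and control characters are stripped or reinterpreted by browsers.
    if any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in target):
        return False
    try:
        parts = urlsplit(target)
    except ValueError:
        # Malformed authority (for example a broken IPv6 literal).
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: accept only a path rooted at a single slash,
        # which rules out "//host" and "///host" forms.
        return target.startswith("/") and not target.startswith("//")
    # Absolute target: protocol and host (including port and any userinfo)
    # must match the current request exactly.
    return (parts.scheme.lower() == request_scheme.lower()
            and parts.netloc.lower() == request_host.lower())


def resolve_next(target, request_scheme, request_host, fallback="/"):
    """Return the redirect destination, falling back when `target` is unsafe."""
    if is_safe_redirect(target, request_scheme, request_host):
        return target
    return fallback


if __name__ == "__main__":
    # Constructed sample values for a site served at https://portal.example
    for candidate in ("/project/?page=2", "https://portal.example/settings",
                      "http://portal.example/settings", "//other.example/",
                      "https://portal.example@other.example/"):
        print(candidate, "->", resolve_next(candidate, "https", "portal.example"))
```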