10000 Release v1.3.0 compatible with ES 1.3.0 / security fix · Asquera/elasticsearch-http-basic · GitHub
[go: up one dir, main page]
Skip to content
C166
This repository was archived by the owner on Mar 4, 2019. It is now read-only.

v1.3.0 compatible with ES 1.3.0 / security fix
Compare
Choose a tag to compare
@emig emig released this 07 Oct 16:36
· 28 commits to master since this release
v1.3.0-security-fix
79df080

fixed security problem in ip authentication. ES 1.3.0 compatible

security problem introduced in commit 53d1cf8

changes:

  • remove usage of 'Host' header to identify client's ip
  • the request ip is used to ip authenticate direct connected clients
  • add usage of trusted proxy chain
  • the trusted proxy chain is used to ip authenticate indirect connected clients
  • added unit and integration tests
  • updated log messages
Assets 3
Loading
0