Tags: DataToKnowledge/elasticsearch-http-basic
Applied security fix to version compatible with ES 1.0
fixed security problem in ip authentication. ES 1.3.0 compatible
security problem introduced in commit 53d1cf8
changes:
- remove usage of 'Host' header to identify client's ip
- the request ip is used to ip authenticate direct connected clients
- add usage of trusted proxy chain
- the trusted proxy chain is used to ip authenticate indirect connected clients
- added unit and integration tests
- updated log messages
Security Fix for Ip Authentication compatible with ES 1.2.0
Due to implementation of how the ip of the client is obtained it is very easy for an attacker to authenticate its ip by setting the ip in the 'Host' header or as first ip in the 'X-Forwarded-For' header
Merge pull request Asquera#11 from Asquera/1.1.0 updated -> ES 1.0.0