Tags: cloudbees/elasticsearch-http-basic
Tags
Added - allow HEAD root url authentication #39 - log http method on any request. #42 - doc: 1.6.0, 1.7.0 support Asquera#52 Fix - test: adapt to method signature change after 1.5.1 #55 - test: run custom install and test commands in ci
ES compatiblity.
Added
- allow disabling ipwhitelist by setting its value to `false`
- updated pom to depend on elasticsearch-parent project
- travis test matrix for different ES versions
Changed
- restored default healthcheck for authenticated users
- unauthenticated healthcheck for `/` returns `"{\"OK\":{}}"`
- thanks @feaster83
Applied security fix to version compatible with ES 1.0
fixed security problem in ip authentication. ES 1.3.0 compatible security problem introduced in commit 53d1cf8 changes: - remove usage of 'Host' header to identify client's ip - the request ip is used to ip authenticate direct connected clients - add usage of trusted proxy chain - the trusted proxy chain is used to ip authenticate indirect connected clients - added unit and integration tests - updated log messages
Security Fix for Ip Authentication compatible with ES 1.2.0 Due to implementation of how the ip of the client is obtained it is very easy for an attacker to authenticate its ip by setting the ip in the 'Host' header or as first ip in the 'X-Forwarded-For' header
Merge pull request Asquera#11 from Asquera/1.1.0 updated -> ES 1.0.0
PreviousNext