Release v1.3.0-security-fix: fixed security problem in ip authentication. ES 1.3.0 compatible · phule/elasticsearch-http-basic · GitHub

8000 Release v1.3.0-security-fix: fixed security problem in ip authentication. ES 1.3.0 compatible · phule/elasticsearch-http-basic · GitHub

v1.3.0-security-fix 61D0
79df080
Compare

Choose a tag to compare

Loading

View all tags

v1.3.0-security-fix: fixed security problem in ip authentication. ES 1.3.0 compatible

v1.3.0-security-fix
79df080
Compare

Choose a tag to compare

Loading

View all tags

tagged this 07 Oct 16:33

security problem  introduced in commit 53d1cf8b6f44bb690d927a33f1f358ecdffe5a52

changes:

- remove usage of 'Host' header to identify client's ip
- the request ip is used to ip authenticate direct connected clients
- add usage of trusted proxy chain
- the trusted proxy chain is used to ip authenticate indirect connected clients
- added unit and integration tests
- updated log messages

Assets 2

0