TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2024-12-04 23:45:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
v2.64.x
zitadel/cmd
History
Livio Spring 7508e6c9f3
fix: correctly check denied domains and ips for actions (#8810) 
# Which Problems Are Solved

System administrators can block hosts and IPs for HTTP calls in actions.
Using DNS, blocked IPs could be bypassed.

# How the Problems Are Solved

- Hosts are resolved (DNS lookup) to check whether their corresponding
IP is blocked.

# Additional Changes

- Added complete lookup ip address range and "unspecified" address to
the default `DenyList`

(cherry picked from commit 79fb4cc1cc)
2024-10-23 07:33:43 +02:00
..
admin chore: test server for direct resource access 2023-04-24 20:40:31 +03:00
build fix: allow version to be overwritten by build again (#4656) 2022-11-07 09:50:44 +00:00
encryption fix(setup): init projections (#7194) 2024-01-25 17:28:20 +01:00
hooks feat: support whole config as env (#6336) 2024-02-16 16:04:42 +00:00
initialise feat(v3alpha): web key resource (#8262) 2024-08-14 14:18:14 +00:00
key feat: api v2beta to api v2 (#8283) 2024-07-26 22:39:55 +02:00
mirror feat(storage): generic cache interface (#8628) 2024-09-25 21:40:21 +02:00
ready feat(v3alpha): web key resource (#8262) 2024-08-14 14:18:14 +00:00
setup perf(oidc): nest position clause for session terminated query (#8738) 2024-10-07 12:49:55 +00:00
start fix: correctly check denied domains and ips for actions (#8810) 2024-10-23 07:33:43 +02:00
tls fix: enable env vars in setup steps (and deprecate admin subcommand) (#3871) 2022-06-27 10:32:34 +00:00
defaults.yaml fix: correctly check denied domains and ips for actions (#8810) 2024-10-23 07:33:43 +02:00
zitadel.go fix(mirror): read config correctly (#8330) 2024-07-18 14:00:58 +00:00