TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-03-03 23:05:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
zitadel/internal
History
Livio Spring 7508e6c9f3
fix: correctly check denied domains and ips for actions (#8810) 
# Which Problems Are Solved

System administrators can block hosts and IPs for HTTP calls in actions.
Using DNS, blocked IPs could be bypassed.

# How the Problems Are Solved

- Hosts are resolved (DNS lookup) to check whether their corresponding
IP is blocked.

# Additional Changes

- Added complete lookup ip address range and "unspecified" address to
the default `DenyList`

(cherry picked from commit 79fb4cc1cc6ebba91f9af917807e0e3651516acd)
2024-10-23 07:33:43 +02:00
..
actions
fix: correctly check denied domains and ips for actions (#8810)
2024-10-23 07:33:43 +02:00
activity
feat: trusted (instance) domains (#8369)
2024-07-31 18:00:38 +03:00
admin/repository/eventsourcing
feat(cmd): mirror (#7004)
2024-05-30 09:35:30 +00:00
api
chore: correct require usage to assert for eventual consistency (#8795)
2024-10-23 07:33:40 +02:00
auth/repository
fix: only allow domain discovery if no organization was preselected (#8748)
2024-10-10 15:29:53 +00:00
auth_request/repository
fix(login): correctly reload policies on auth request (#7839)
2024-04-24 10:54:55 +02:00
authz
fix: internal check of JWT access tokens (#8486)
2024-08-26 09:26:13 +00:00
cache
perf(cache): pgx pool connector (#8703)
2024-10-04 13:15:41 +00:00
command
fix: always create SAML with metadata (#8696)
2024-10-11 08:09:51 +00:00
config
feat(v3alpha): read actions (#8357)
2024-08-12 22:32:01 +02:00
crypto
feat(v3alpha): web key resource (#8262)
2024-08-14 14:18:14 +00:00
database
perf(cache): pgx pool connector (#8703)
2024-10-04 13:15:41 +00:00
domain
fix: pass sessionID to OTP email link (#8745)
2024-10-10 13:53:32 +00:00
eventstore
perf(oidc): nest position clause for session terminated query (#8738)
2024-10-07 12:49:55 +00:00
execution
feat: add schema user create and remove (#8494)
2024-08-28 19:46:45 +00:00
feature
perf(oidc): disable push of user token meta-event (#8691)
2024-09-26 16:22:10 +02:00
form
i18n
fix(middleware): init translation messages (#7778)
2024-04-16 15:46:13 +02:00
iam
id
feat(cmd): Added machine ID mode to zitadel start up logs (#8251)
2024-07-16 09:53:57 +00:00
idp
fix(SAML): log underlying error if SAML response validation fails (#8721)
2024-10-11 07:04:15 +00:00
integration
chore: improve integration tests (#8727)
2024-10-23 07:33:35 +02:00
logstore
migration
net
notification
chore: improve integration tests (#8727)
2024-10-23 07:33:35 +02:00
org
project
protoc
qrcode
query
fix: add domain as attribute to list user auth methods (#8718)
2024-10-10 16:50:53 +00:00
renderer
fix(login): (re)allow HTML in custom login texts (#7575)
2024-03-15 16:29:10 +01:00
repository
fix: twilio code generation and verification (#8728)
2024-10-07 10:04:14 +02:00
static
Merge remote-tracking branch 'origin/main' into next
2024-10-11 11:16:54 +02:00
statik
telemetry
feat: enable application performance profiling (#8442)
2024-08-16 13:26:53 +00:00
test
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
user
fix: add domain as attribute to list user auth methods (#8718)
2024-10-10 16:50:53 +00:00
v2
fix(eventstore): revert precise decimal (#8527) (#8679)
2024-09-25 06:31:46 +02:00
view/repository
refactor(fmt): run gci on complete project (#7557)
2024-04-03 10:43:43 +00:00
webauthn
fix: add domain as attribute to list user auth methods (#8718)
2024-10-10 16:50:53 +00:00
zerrors
fix(crypto): reject decrypted strings with non-UTF8 characters. (#8374)
2024-08-06 13:58:53 +02:00