mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00
ghost/test
Kevin Ansfield 6875796417 Blocked 0.* IP addresses when making oembed requests
no issue

It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0.

- added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites
- added an additional IP or localhost check in the oembed service when fetching bookmark card data
2021-09-14 11:35:14 +01:00
api-acceptance Blocked 0.* IP addresses when making oembed requests 2021-09-14 11:35:14 +01:00
frontend-acceptance Added /email/ route to robots.txt 2021-08-10 13:45:53 +04:00
regression Moved default settings population test to regression suite 2021-09-01 15:23:57 +04:00
unit Blocked 0.* IP addresses when making oembed requests 2021-09-14 11:35:14 +01:00
utils Added Members bulk actions endpoint 2021-08-23 16:38:21 +02:00
.eslintignore
.eslintrc.js Upgraded no-skipped-test rule to error 2021-05-26 14:57:43 +01:00
.jshintrc