Ghost/core
Kevin Ansfield 6875796417 Blocked 0.* IP addresses when making oembed requests
no issue

It was possible for authenticated/trusted admin users to make GET requests to localhost via the oembed service by crafting a redirect that used 0.0.0.0.

- added the 0.* default route/routing block to the private IP regex used to block requests when we're contacting external sites
- added an additional IP or localhost check in the oembed service when fetching bookmark card data
2021-09-14 11:35:14 +01:00
client@ef223b0312 Updated Admin to v4.13.0 2021-09-06 12:21:31 +01:00
frontend Added beta {{products}} helper for tiers list on post (#13267) 2021-09-10 09:30:41 +05:30
server Blocked 0.* IP addresses when making oembed requests 2021-09-14 11:35:14 +01:00
shared Updated tiers as a beta feature from alpha 2021-09-09 16:57:46 +05:30
app.js Added Sentry to new boot process 2021-02-19 09:20:41 +00:00
boot.js Added email unfreeze for verified email config 2021-07-29 20:30:30 +12:00
bridge.js Added comments to all usages of lib/common/events 2021-07-07 16:02:44 +01:00