Skip to content

v1.49.0: Trust Only Local Proxies Unless Overridden

Latest
Compare
Choose a tag to compare
@pglombardo pglombardo released this 20 Nov 15:10
· 13 commits to refs/heads/master since this release
97d28d3

This release fixes CVE-2024-52796 where an attacker could spoof the X-Forwarded-For header to bypass the rate limiter.

If you are using an external proxy that is not on the local network, see this documentation on how to authorize the IP of your remote proxy.

📝 What’s Changed

🚀 Features

⬆️ Dependencies updates

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🛥️ Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.49.0

..and go to http://localhost:5100

🔗 Useful Links