Skip to content

2.1.3
Compare
Choose a tag to compare
@reecexlm reecexlm released this 11 Aug 19:51
· 912 commits to main since this release
2.1.3
973f0de
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

What's Changed

  • [ANCHOR-403] Prevent SSRF through SEP-1 TOML redirect by @reecexlm in #1043
    This release addresses security issue where an attacker can force the Anchor server to issue requests to an arbitrary URL, where the service will attempt to fetch a toml file. If this service is unable to correctly fetch and parse the toml file, it will return an error containing (leaking) the beginning of the content in the URL passed.

Contributors

reecexlm
Assets 2
Loading