summaryrefslogtreecommitdiff
path: root/CHANGELOG
diff options
context:
space:
mode:
authorFelix Eckhofer <felix@eckhofer.com>2014-03-26 14:13:40 +0100
committerFelix Eckhofer <felix@eckhofer.com>2014-03-26 20:44:16 +0100
commitef721fc430fbb19da13060105577bf7605606b81 (patch)
tree39e9c72efb345dc513e27dbfec1a71a14bb3cc01 /CHANGELOG
parent3fca238554c90c51e8bc694bc280e0c117958b85 (diff)
Add config variable 'proxy_whitelist'
HTTP headers X_FORWARDED_* and X_REAL_IP are only evaluated when received from an IP listed in proxy_whitelist. Furthermore, only the last non-trusted IP from X-Forwarded-For is used in place of the real ip. Without this, an attacker can easily spoof the headers and control the result of the ip or ssl check. This fixes several problems with [3a4c9f42], [4d480b36] and [a520f331] as mentioned in #1489729.
Diffstat (limited to 'CHANGELOG')
-rw-r--r--CHANGELOG1
1 files changed, 1 insertions, 0 deletions
diff --git a/CHANGELOG b/CHANGELOG
index b78d4cdae..9ed5bab68 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,6 +1,7 @@
CHANGELOG Roundcube Webmail
===========================
+- Add proxy_whitelist configuration option (#1489729)
- Added toolbar button to move message in message view
- Improve UI integration of ACL settings
- Drop support for PHP < 5.3.7