14-Apr-2020 11:33
Presumably this security risk has been present for quite some time and as such I don't see the urgency. I assume that webpack tries to follow semver which is pretty clear that almost any breaking change should be a major version bump, especially if what you're versioning has a huge audience, which certainly webpack does.
From my experience how many people update to the latest major version, I've chosen to release this as patch version. I know that this breaks some setups, but I took this risk for security [email protected], perhaps in addition to whitelisting localhost, if the Host header contains any IP, then the request can be accepted? If the request was made to a specific IP (and not a DNS rebound malicious domain), then this cannot have been an attack as made via DNS rebinding. Oh, and I am also using 0.0.0.0 specifically for my host settings.
Obviously this is a fairly simple fix, but it concerns me because rather than following semver As a followup to the post by @phairoh.
So after spending a short time actually looking over my config/headers, I just rolled back to 2.4.2 and it fixed it right up with no other changes.
Doubt that is any news/that helpful, but thought I'd chime in that it seems isolated to 2.4.3/went away when I downgraded.
Right on, appreciate the attention to the potential vulnerability, and I dig the disable Host Check ability being put right in even more. Also, I have custom hosts in my etc/hosts which my app uses to determine things. It seems like the disable host check option is not available on CLI. I'm pretty confused and not totally sure I need the disable option, but I haven't found a good alternative yet from the release notes or the issues that are filed because I need to hit my local dev server from a tablet.
like vs bar-local.com, both of which are aliased to 127.0.0.1. Either way, I think it'd be good to expose the disable option in the CLI for people who are using it. For development, I have a few aliases to 127.0.0.1 in my etc/hosts file.