
[Backport 4.1.x] SSRF Bypass to return internal host data #11486

Merged: 4 commits, Sep 15, 2023


afabiani
Member

Checklist

Reviewing is a process done by project maintainers, mostly on a volunteer basis. We try to keep the overhead as small as possible and appreciate if you help us to do so by completing the following items. Feel free to ask in a comment if you have troubles with any of them.

For all pull requests:

  • Confirm you have read the contribution guidelines
  • You have sent a Contribution Licence Agreement (CLA) as necessary (not required for small changes, e.g., fixing typos in the documentation)
  • Make sure the first PR targets the master branch, eventual backports will be managed later. This can be ignored if the PR is fixing an issue that only happens in a specific branch, but not in newer ones.

The following are required only for core and extension modules (they are welcomed, but not required, for contrib modules):

  • There is a ticket in https://github.com/GeoNode/geonode/issues describing the issue/improvement/feature (a notable exemption is, changes not visible to end-users)
  • The issue connected to the PR must have Labels and Milestone assigned
  • PR for bug fixes and small new features are presented as a single commit
  • Commit message must be in the form "[Fixes #<issue_number>] Title of the Issue"
  • New unit tests have been added covering the changes, unless there is an explanation on why the tests are not necessary/implemented
  • This PR passes all existing unit tests (test results will be reported by travis-ci after opening this PR)
  • This PR passes the QA checks: black geonode && flake8 geonode
  • Commits changing the settings, UI, existing user workflows, or adding new functionality, need to include documentation updates
  • Commits adding new texts do use gettext and have updated .po / .mo files (without location infos)

Submitting the PR does not require you to check all items, but by the time it gets merged, they should be either satisfied or inapplicable.

@afabiani afabiani added the security Pull requests that address a security vulnerability label Sep 14, 2023
@afabiani afabiani self-assigned this Sep 14, 2023
@cla-bot cla-bot bot added the cla-signed CLA Bot: community license agreement signed label Sep 14, 2023
@giohappy giohappy added the 4.1.x label Sep 14, 2023
@giohappy
Contributor

CircleCI is failing at bringing the Django container to a healthy state, but it's actually ok.
I've run the tests manually inside the CircleCI workspace and they passed, so we can merge.

@giohappy giohappy merged commit aabd1f4 into 4.1.x Sep 15, 2023
8 of 15 checks passed
@giohappy giohappy deleted the backport_GHSA-pxg5-h34r-7q8p_4.1.x branch September 15, 2023 10:37
@giohappy giohappy added this to the 4.1.3 milestone Sep 18, 2023