This repository has been archived by the owner on Mar 4, 2019. It is now read-only.
v1.3.0 compatible with ES 1.3.0 / security fix
·
28 commits
to master
since this release
fixed security problem in ip authentication. ES 1.3.0 compatible
security problem introduced in commit 53d1cf8
changes:
- remove usage of 'Host' header to identify client's ip
- the request ip is used to ip authenticate direct connected clients
- add usage of trusted proxy chain
- the trusted proxy chain is used to ip authenticate indirect connected clients
- added unit and integration tests
- updated log messages