Skip to content

v2.5.1
Compare
Choose a tag to compare
@mccutchen mccutchen released this 11 Nov 16:15
· 58 commits to main since this release
v2.5.1
aaf674e
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Notable changes

The /redirect-to endpoint will now validate the domain of the given destination URL against an allowlist if configured with the -allowed-redirect-domains CLI argument or ALLOW_REDIRECT_DOMAINS env var. This allows operators of public go-httpbin instances like httpbingo.org to eliminate an open redirect, as highlighted in this security advisory.

What's Changed

Full Changelog: v2.5.0...v2.5.1

Contributors

mccutchen
Assets 2
Loading