vh/rest-server
1
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2026-03-30 23:03:18 -07:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
33c41b55bb43e8c5a7c1f11aed485ba1fcb31629
rest-server/changelog/unreleased
History
Juergen Hoetzel 33c41b55bb Security: Prevent loading of usernames containing a slash 
"/" is valid char in HTTP authorization headers, but is also used in
rest-server to map usernames to private repos.

This commit prevents loading maliciously composed usernames like
"/foo/config" by restricting the allowed characters to the unicode
character class, numbers, "-", "." and "@".

Closes #131
2020-12-28 11:30:00 +01:00
..
.gitkeep
Add .gitkeep to persist changelog/unreleased/ when empty.
2019-12-18 23:14:09 +01:00
issue-131
Security: Prevent loading of usernames containing a slash
2020-12-28 11:30:00 +01:00