project-nomad/admin/app
Chris Sherwood 5d3c659d05 fix(security): narrow SSRF scope to allow RFC1918 LAN addresses
NOMAD is a LAN appliance — blocking RFC1918 private ranges (10.x,
172.16-31.x, 192.168.x) would prevent users from downloading content
from local network mirrors. Narrowed to only block loopback (localhost,
127.x, 0.0.0.0, ::1) and link-local (169.254.x, fe80::) addresses.
Restored require_tld: false for LAN hostnames without TLDs.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-11 14:08:09 -07:00
controllers fix(security): path traversal and SSRF protections from pre-launch audit 2026-03-11 14:08:09 -07:00
exceptions fix(Docs): documentation renderer fixes 2025-12-23 16:00:33 -08:00
jobs feat: support for updating services 2026-03-11 14:08:09 -07:00
middleware feat: background job overhaul with bullmq 2025-12-06 23:59:01 -08:00
models feat: support for updating services 2026-03-11 14:08:09 -07:00
services fix(security): path traversal and SSRF protections from pre-launch audit 2026-03-11 14:08:09 -07:00
utils feat: support for updating services 2026-03-11 14:08:09 -07:00
validators fix(security): narrow SSRF scope to allow RFC1918 LAN addresses 2026-03-11 14:08:09 -07:00