Security Patch Fix
- We have fixed a security vulnerability with symbolicator related to the forked
reqwest
library- An attacker could make symbolicator send arbitrary GET HTTP requests to internal IP addresses by using a specially crafted HTTP endpoint
- The response could be reflected to the attacker if they have an account on Sentry instance.
- Our fix now runs the IP filter on every request in a redirect chain