This release fixes CVE-2024-52796, where an attacker could spoof the X-Forwarded-For header to bypass the rate limiter.
If you are using an external proxy that is not on the local network, see this documentation on how to authorize the IP of your remote proxy.
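The class of bug described above, shown as an added Ruby example (not Password Pusher's own code): a rate-limit key taken from the leftmost X-Forwarded-For entry beside one that only believes trusted proxies. The function names, the `LOCAL_PROXIES` list and all addresses are assumptions constructed for illustration.

```ruby
require "ipaddr"

# Assumption: "local" means loopback and private ranges; not the project's list.
LOCAL_PROXIES = %w[127.0.0.0/8 ::1/128 10.0.0.0/8 172.16.0.0/12
                   192.168.0.0/16 fc00::/7].map { |cidr| IPAddr.new(cidr) }.freeze

def parse_ip(text)
  text = text.to_s.strip
  text.empty? ? nil : IPAddr.new(text)
rescue ArgumentError # IPAddr::InvalidAddressError is an ArgumentError
  nil
end

# Before: rate-limit key is the leftmost header entry, which the client writes.
def naive_client_ip(peer, xff)
  (parse_ip(xff.to_s.split(",").first) || parse_ip(peer)).to_s
end

# After: ignore the header unless the TCP peer is a trusted proxy, then walk
# the chain right to left and stop at the first hop that is not trusted.
def trusted_client_ip(peer, xff, trusted = LOCAL_PROXIES)
  hop = parse_ip(peer)
  is_trusted = ->(ip) { trusted.any? { |net| net.include?(ip) } }
  return peer.to_s unless hop && is_trusted.call(hop)
  xff.to_s.split(",").reverse_each do |entry|
    ip = parse_ip(entry)
    break if ip.nil? # unparseable entry: keep the last verified hop
    hop = ip
    break unless is_trusted.call(hop)
  end
  hop.to_s
end

# Constructed traffic: one client (203.0.113.9) behind a local proxy (10.0.0.5)
# sends a different forged X-Forwarded-For value on every request.
SPOOFED = (1..5).map { |i| ["10.0.0.5", "198.51.100.#{i}, 203.0.113.9"] }.freeze

# Number of separate rate-limit buckets the given resolver would create.
def distinct_keys(requests)
  requests.map { |peer, xff| yield(peer, xff) }.uniq.size
end

if $PROGRAM_NAME == __FILE__
  puts distinct_keys(SPOOFED) { |p, x| naive_client_ip(p, x) }
  puts distinct_keys(SPOOFED) { |p, x| trusted_client_ip(p, x) }
end
```

With only local proxies trusted, requests arriving through a remote proxy all resolve to the proxy's own address until that address is passed in `trusted`, which is the situation the note about authorizing a remote proxy addresses.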
📝 What’s Changed
- Security: Only trust local proxies unless overridden (#2797) @pglombardo
- [Snyk] Upgrade esbuild from 0.23.1 to 0.24.0 (#2796) @pglombardo
🚀 Features
- Yarn package updates (#2782) @pglombardo
- Latest Language Strings (#2779) @pglombardo
⬆️ Dependencies updates
- ⬆️ Bump rdoc from 6.7.0 to 6.8.1 (#2795) @dependabot
- ⬆️ Bump aws-partitions from 1.1009.0 to 1.1010.0 (#2794) @dependabot
- ⬆️ Bump mutex_m from 0.2.0 to 0.3.0 (#2793) @dependabot
- ⬆️ Bump prime from 0.1.2 to 0.1.3 (#2792) @dependabot
- ⬆️ Bump standard from 1.42.0 to 1.42.1 (#2791) @dependabot
- ⬆️ Bump aws-sdk-kms from 1.95.0 to 1.96.0 (#2790) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.171.0 to 1.172.0 (#2789) @dependabot
- ⬆️ Bump kramdown from 2.4.0 to 2.5.1 (#2788) @dependabot
- ⬆️ Bump aws-partitions from 1.1007.0 to 1.1009.0 (#2786) @dependabot
- ⬆️ Bump pry from 0.14.2 to 0.15.0 (#2784) @dependabot
- ⬆️ Bump solid_queue from 1.0.1 to 1.0.2 (#2785) @dependabot
- ⬆️ Bump aws-sdk-s3 from 1.170.1 to 1.171.0 (#2775) @dependabot
- ⬆️ Bump mini_portile2 from 2.8.7 to 2.8.8 (#2776) @dependabot
- ⬆️ Bump json from 2.8.1 to 2.8.2 (#2774) @dependabot
- ⬆️ Bump aws-partitions from 1.1006.0 to 1.1007.0 (#2773) @dependabot
- ⬆️ Bump rackup from 2.2.0 to 2.2.1 (#2772) @dependabot
- ⬆️ Bump aws-partitions from 1.1005.0 to 1.1006.0 (#2771) @dependabot
- ⬆️ Bump rubocop-ast from 1.35.0 to 1.36.1 (#2770) @dependabot
👥 List of contributors
@dependabot, @dependabot[bot] and @pglombardo
🛥️ Docker Images
Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush
🏃‍♂️ Run This Version
docker run -d -p 5100:5100 pglombardo/pwpush:1.49.0
...and go to http://localhost:5100