From: Akshay Joshi <[email protected]>
To: [email protected]
Subject: pgAdmin 4 commit: Added following security enhancements:
Date: Tue, 20 Oct 2020 11:46:28 +0000
Message-ID: <[email protected]> (raw)
Added following security enhancements:
1) Added ALLOWED_HOSTS list to limit the host address.
2) Added CSP and HSTS security header.
3) Hide the webserver/development framework version.
Fixes #5919
Branch
------
master
Details
-------
https://git.postgresql.org/gitweb?p=pgadmin4.git;a=commitdiff;h=08c4deba5a4aa781db2c78839eb03f6bccf6...
Author: Ganesh Jaybhay <[email protected]>
Modified Files
--------------
Dockerfile | 4 ++-
docs/en_US/release_notes_4_28.rst | 1 +
pkg/docker/entrypoint.sh | 4 +--
pkg/docker/gunicorn_config.py | 2 ++
requirements.txt | 1 +
web/config.py | 49 ++++++++++++++++++++++++++++++++++-
web/pgadmin/__init__.py | 45 +++++++++++++++++++++++++++-----
web/pgadmin/browser/__init__.py | 3 +++
web/pgadmin/preferences/__init__.py | 3 +++
web/pgadmin/utils/security_headers.py | 41 +++++++++++++++++++++++++++++
web/pgadmin/utils/session.py | 6 ++++-
11 files changed, 148 insertions(+), 11 deletions(-)