Updated Rack Attack configuration to address vulnerabilities in password updates #3455

Closed

Commits on Sep 24, 2024

  1. Updated Rack Attack configuration to address vulnerabilities in password updates.
    
    Changes:
        The fix involves adding a new Rack Attack rule "profile_updates/ip" and
        rewriting the body of the rules "password_resets/ip" and "logins/ip" so
        the request ip is returned if the rule is triggered.
    John Pinto committed Sep 24, 2024
    acf5961