Create SECURITY.md
pajod committed Dec 10, 2023
1 parent b464698 commit 5f1ffe8
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions SECURITY.md
@@ -0,0 +1,23 @@
# Insecurity

At the time this was written, no public version can correctly [process requests headers](https://cwe.mitre.org/data/definitions/444.html).

This is especially dangerous when, as recommended, running behind one or multiple proxies, which may both confuse WSGI applications about the origin or authentication status of a request, or cache maliciously crafted requests in unexpected ways.

**Stop running the software, or atleast remove public access.**

## No Support

You are looking at my one-off fork. Its not supported *at all*.

| Version | Status |
| ------- | ------------------ |
| (this fork) | ❗ still additional SECURITY PROBLEMS ❗ |
| 22.0.0 | (no release date set) |
| 21.2.0 | ❗ KNOWN SECURITY PROBLEMS ❗ |
| 20.0.0 | ❗ KNOWN SECURITY PROBLEMS ❗ |
| < 20.0 | ❗ KNOWN SECURITY PROBLEMS ❗ |

## Reporting a Vulnerability

See what the upstream maintainer [Benoit Chesneau](https://github.com/benoitc) suggests, likely in the [repository section titled SECURITY](https://github.com/benoitc/gunicorn/security).
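
Review bot: The opening paragraph under "# Insecurity" asserts that no public version processes request headers correctly and links CWE-444, but it names neither the affected parsing behaviour nor an upstream issue, so an operator cannot tell what to verify or what to filter at the proxy. Link the upstream report, or state which header handling is wrong. In the version table, 22.0.0 is listed as "(no release date set)" without saying whether it is expected to contain a fix, and "(this fork)" is flagged "still additional SECURITY PROBLEMS" with no pointer to what those are. Under "Reporting a Vulnerability", the phrase "likely in the repository section titled SECURITY" leaves the reporting channel uncertain; confirm the link target and drop "likely". Wording nits: "requests headers" should be "request headers", "atleast" should be "at least", "Its" should be "It's", and "may both confuse ... or cache" should pair "both" with "and" or use "either ... or".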
