Comments (5)
Version 2.4.3 just got published.
Your tests are passing again with this version. Explicitly upgrade to this version
Release Notes
v2.4.3
Security fix:
This version contains a security fix, which is also a breaking change if you have an insecure configuration.
We are releasing this breaking change as a patch version to protect you from attacks.
Sorry if this breaks your setup, but the fix is easy.
We added a check for the correct Host header to the webpack-dev-server.
This allowed evil websites to access your assets.
The Host header of the request has to match the listening address or the host provided in the public option.
Make sure to provide correct values here.
The response will contain a note when using an incorrect Host header.
For usage behind a Proxy or similar setups we also added a disableHostCheck option to disable this check.
Only use it when you know what you do. Not recommended.
This version also includes this security fix for webpack-dev-middleware: https://github.com/webpack/webpack-dev-middleware/releases/tag/v1.10.2
Note: This only affects the development server and middleware. webpack and built bundles are not affected.
Bugfixes:
- Requests are not blocked when Host doesn't match listening host or public option.
- Requests to localhost or 127.0.0.1 are not blocked.
Features:
- Added disableHostCheck option to disable the host check
Commits
The new version differs by 4 commits.
- ca93284 2.4.3
- f3a4ac6 Merge branch 'security/host-check'
- 8db5fd5 Require a secure webpack-dev-middleware version
- 2957853 enable Host header check for all requests and sockets
See the full diff
from robotlegsjs.
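The Host check described in the v2.4.3 notes above, as an added example that is not part of the original comment and not webpack-dev-server's own code. The function names `hostnameOf` and `isHostAllowed`, the shape of the options object and all sample hostnames are assumptions constructed for illustration.

```javascript
// Added illustration of the Host check; not webpack-dev-server's own code.
// hostnameOf and isHostAllowed are hypothetical names.
const LOOPBACK = new Set(['localhost', '127.0.0.1']); // never blocked, per the notes

// Extract the hostname from "name", "name:port" or "[v6]:port".
// Anything else (paths, spaces, stray colons) is malformed and yields null.
function hostnameOf(value) {
  if (typeof value !== 'string') return null;
  const m = /^(?:\[([0-9a-f:.]+)\]|([^:\[\]\s\/]+))(?::\d+)?$/i.exec(value.trim());
  return m ? (m[1] || m[2]).toLowerCase() : null;
}

// options.host: listening address (assumed shape); options.public and
// options.disableHostCheck: the options named in the release notes.
function isHostAllowed(headers, options) {
  if (options.disableHostCheck) return true; // explicit opt-out, not recommended
  const hostname = hostnameOf(headers.host);
  if (hostname === null) return false; // missing or malformed Host header
  if (LOOPBACK.has(hostname)) return true;
  if (hostname === hostnameOf(options.host)) return true;
  return hostname === hostnameOf(options.public);
}

// Constructed sample requests: [Host header value, expected decision].
const options = { host: '192.168.1.20', public: 'dev.example.test:8080' };
const samples = [
  ['localhost:8080', true],
  ['127.0.0.1:8080', true],
  ['192.168.1.20:8080', true],            // matches the listening address
  ['DEV.example.test:8080', true],        // matches public, case-insensitive
  ['attacker.example:8080', false],       // name of some other site
  ['localhost.attacker.example', false],  // exact match, not prefix match
  ['dev.example.test:8080/x', false],     // malformed value
  [undefined, false],                     // no Host header at all
];

function runSamples() {
  return samples.map(([host, expected]) => {
    const allowed = isHostAllowed({ host }, options);
    return { host, allowed, ok: allowed === expected };
  });
}

for (const r of runSamples()) {
  console.log(String(r.host).padEnd(30), r.allowed ? 'allow' : 'block');
}
```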
Version 2.4.4 just got published.
Your tests are passing again with this version. Explicitly upgrade to this version
Release Notes
v2.4.4
Bugfixes:
- add disableHostCheck to schema
Commits
The new version differs by 6 commits.
- 7d08d1e 2.4.4
- 988f9c9 fixes #883
- ca93284 2.4.3
- f3a4ac6 Merge branch 'security/host-check'
- 8db5fd5 Require a secure webpack-dev-middleware version
- 2957853 enable Host header check for all requests and sockets
See the full diff
from robotlegsjs.
Version 2.4.5 just got published.
Your tests are passing again with this version. Explicitly upgrade to this version
Commits
The new version differs by 10 commits.
- 662bc31 2.4.5
- 99b273c Merge pull request #888 from phairoh/fix-incorrect-variable-usage
- f26f985 Added tests for Server.prototype.checkHost
- 9688eea Use idxPublic when extracting hostname from publicHost
- 7d08d1e 2.4.4
- 988f9c9 fixes #883
- ca93284 2.4.3
- f3a4ac6 Merge branch 'security/host-check'
- 8db5fd5 Require a secure webpack-dev-middleware version
- 2957853 enable Host header check for all requests and sockets
See the full diff
from robotlegsjs.
Version 2.5.0 just got published.
Your tests are passing again with this version. Explicitly upgrade to this version
Release Notes
v2.5.0
Security
Don't provide an SSL cert, but generate one on demand. Unique for each developer.
https://medium.com/@mikenorth/961572624c54 by Mike North
Bugfixes
- allow port 0 again
- add allowedHosts option
- better check for WebWorker
- add openPage option to open a specific page
- add --bonjour
- add lan option, which listens on lan ip by default
Commits
The new version differs by 21 commits.
- bbcdca7 2.5.0
- 7b3a42a Add 'lan' option (modify the option name to “useLocalIp” for more semantic) (#901)
- 8d5f252 replace console.log with internal log function (#856)
- c9fe53d zeroconf dns (bonjour) service publishing (#930)
- 14d77a5 Adding page argument to the Open option (#917)
- 2ca97dd Strongly check client isn't running on WebWorker for sendMsg (#929)
- ab889c3 Add 'allowedHosts' option (#899)
- 1a26ab4 fix #752: allow --port 0 again (#918)
- 9a7693c Merge pull request #942 from webpack/ssl-path
- 25e1098 updating https docs
- 400b289 generate ssl certs per instance
- 662bc31 2.4.5
- 99b273c Merge pull request #888 from phairoh/fix-incorrect-variable-usage
- f26f985 Added tests for Server.prototype.checkHost
- 9688eea Use idxPublic when extracting hostname from publicHost
There are 21 commits in total.
See the full diff
from robotlegsjs.
Version 2.5.1 just got published.
Your tests are passing again with this version. Explicitly upgrade to this version
Commits
The new version differs by 24 commits.
- 7c8b1f6 2.5.1
- 047a595 Merge pull request #946 from lencioni/patch-1
- 8978059 Update to webpack 3
- bbcdca7 2.5.0
- 7b3a42a Add 'lan' option (modify the option name to “useLocalIp” for more semantic) (#901)
- 8d5f252 replace console.log with internal log function (#856)
- c9fe53d zeroconf dns (bonjour) service publishing (#930)
- 14d77a5 Adding page argument to the Open option (#917)
- 2ca97dd Strongly check client isn't running on WebWorker for sendMsg (#929)
- ab889c3 Add 'allowedHosts' option (#899)
- 1a26ab4 fix #752: allow --port 0 again (#918)
- 9a7693c Merge pull request #942 from webpack/ssl-path
- 25e1098 updating https docs
- 400b289 generate ssl certs per instance
- 662bc31 2.4.5
There are 24 commits in total.
See the full diff
from robotlegsjs.