fix(deps): update module github.com/gofiber/fiber/v2 to v2.49.2 [security] #16
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
v2.48.0
->v2.49.2
GitHub Vulnerability Alerts
CVE-2023-41338
Impact
This vulnerability can be categorized as a security misconfiguration. It impacts users of our project who rely on the ctx.IsFromLocal() method to restrict access to localhost requests. If exploited, it could allow unauthorized access to resources intended only for localhost.
In it's implementation it uses c.IPs():
Thereby, setting
X-Forwarded-For: 127.0.0.1
in a request from a foreign host, will result in true for ctx.IsFromLocal()Patches
This issue has been patched in
v2.49.2
with commit b8c9ede6efa231116c4bd8bb9d5e03eac1cb76dcWorkarounds
Currently, there are no known workarounds to remediate this vulnerability without upgrading to the patched version. We strongly advise users to apply the patch as soon as it is released.
References
For further information and context regarding this security issue, please refer to the following resources:
Release Notes
gofiber/fiber (github.com/gofiber/fiber/v2)
v2.49.2
Compare Source
🧹 Updates
🐛 Fixes
📚 Documentation
Full Changelog: gofiber/fiber@v2.49.1...v2.49.2
Thank you @11-aryan and @AKARSHITJOSHI for making this update possible.
v2.49.1
Compare Source
🧹 Updates
🐛 Fixes
📚 Documentation
Full Changelog: gofiber/fiber@v2.49.0...v2.49.1
Thank you @KompocikDot, @LimJiAn and @gaby for making this update possible.
v2.49.0
Compare Source
❗ Breaking Changes
https://docs.gofiber.io/api/fiber#config
🚀 New
https://docs.gofiber.io/api/middleware/favicon#config
🧹 Updates
errors.Is
instead ofos.IsNotExist
(#2558)🐛 Fixes
📚 Documentation
Full Changelog: gofiber/fiber@v2.48.0...v2.49.0
Thank you @Jictyvoo, @Juneezee, @Kirari04, @LimJiAn, @PassTheMayo, @andersonmiranda-com, @bigpreshy, @efectn, @renanbastos93, @scandar, @sixcolors and @stefanb for making this update possible.
Configuration
📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.