author | Stefan Giehl <stefan@matomo.org> | 2021-06-13 00:49:31 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-06-13 00:49:31 +0300 |
commit | 7c1d7910788765e05ab4100fac475cf96b73e8f7 (patch) | |
tree | 9720d1c59d1298c3ebccf0994d5dbbe8e809a415 /CHANGELOG.md | |
parent | 4bf0ab925dc2bef87cf8070bc422ba2874fab357 (diff) |
Ensure redirects from logme method are only done to trusted hosts (#17661)
* Ensure redirects from logme method are only done to trusted hosts
* add changelog
* sanitize host in exception message
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 74de1dc46d..44d892ad57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,10 @@ The Product Changelog at **[matomo.org/changelog](https://matomo.org/changelog)* ## Matomo 4.4.0 +### Breaking Changes + +* The redirect using the `url` param for the automatic login action `logme`, will no longer do redirects to untrusted hosts. If you need to do redirects to other URLs on purpose, please add the according hosts as `trusted_hosts` entry in `config.ini.php` + ### Changes to events * It is now possible via the Mail.send event to abort sending emails. Set the `$mail` event parameter to null to do this. |
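Review bot: The new `### Breaking Changes` entry says redirects to untrusted hosts "will no longer" happen, but it does not say what a caller of `logme` gets instead. The commit message mentions an exception message, so the entry should state that a request with an untrusted `url` host now fails with an error, which lets integrators recognise the breakage when they hit it. On wording: drop the comma after `logme`, replace "according hosts" with "corresponding hosts", and end the sentence with a period. The added line names only the `trusted_hosts` key; saying which section of `config.ini.php` it belongs in would save readers a lookup.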