Commit graph

2 commits

Author SHA1 Message Date
GitLab Bot
a1ed241c82 Add latest changes from gitlab-org/gitlab@master 2021-02-03 21:09:17 +00:00
Douwe Maan
a9bcddee4c Protect Gitlab::HTTP against DNS rebinding attack
Gitlab::HTTP now resolves the hostname only once, verifies the IP is not
blocked, and then uses the same IP to perform the actual request, while
passing the original hostname in the `Host` header and SSL SNI field.
2019-05-30 10:47:31 -03:00