| From: | Akshay Joshi <akshay(dot)joshi(at)enterprisedb(dot)com> |
|---|---|
| To: | pgadmin-hackers(at)lists(dot)postgresql(dot)org |
| Subject: | pgAdmin 4 commit: Added following security enhancements: |
| Date: | 2020-10-20 11:46:28 |
| Message-ID: | E1kUq60-0006fW-Ta@gothos.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgadmin-hackers |
Added following security enhancements:
1) Added ALLOWED_HOSTS list to limit the host address.
2) Added CSP and HSTS security header.
3) Hide the webserver/ development framework version.
Fixes #5919
Branch
------
master
Details
-------
https://git.postgresql.org/gitweb?p=pgadmin4.git;a=commitdiff;h=08c4deba5a4aa781db2c78839eb03f6bccf60a30
Author: Ganesh Jaybhay <ganesh(dot)jaybhay(at)enterprisedb(dot)com>
Modified Files
--------------
Dockerfile | 4 ++-
docs/en_US/release_notes_4_28.rst | 1 +
pkg/docker/entrypoint.sh | 4 +--
pkg/docker/gunicorn_config.py | 2 ++
requirements.txt | 1 +
web/config.py | 49 ++++++++++++++++++++++++++++++++++-
web/pgadmin/__init__.py | 45 +++++++++++++++++++++++++++-----
web/pgadmin/browser/__init__.py | 3 +++
web/pgadmin/preferences/__init__.py | 3 +++
web/pgadmin/utils/security_headers.py | 41 +++++++++++++++++++++++++++++
web/pgadmin/utils/session.py | 6 ++++-
11 files changed, 148 insertions(+), 11 deletions(-)
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Akshay Joshi | 2020-10-20 11:47:26 | Re: [pgAdmin][5919] Fix security related issues |
| Previous Message | Pradip Parkale | 2020-10-20 09:29:37 | [pgAdmin][RM4639]: Truncate Trigger option should enabled in properties sections if trigger is already created without each rows |