references/openproject
1
0
Fork 0
mirror of https://github.com/opf/openproject.git synced 2026-06-13 19:20:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update README with acknowledgment for SAML SSRF report

Browse Source 
Acknowledge GitHub user for reporting SAML SSRF protection issue.
This commit is contained in:
Oliver Günther
2026-06-10 06:26:29 +02:00
committed by GitHub
parent 821a3876cf
commit d105542dfd
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/release-notes/17-5-0/README.md
+2
View File
@@ -158,6 +158,8 @@ In previous releases, we have introduced improved mechanisms to prevent Server-S
In most installations, this will not require any changes.
However, if you operate your SAML using internal IP addresses, you may need to add your IP or range to the `OPENPROJECT_SSRF_PROTECTION_IP_ALLOWLIST` configuration. Please see [the configuration guide for SSRF](https://www.openproject.org/docs/installation-and-operations/configuration/ssrf-protection/) for more information.
We'd like to thank GitHub user [@aslantugay](https://github.com/aslantugay) for reporting on the SAML integration still lacking SSRF protection as part of GitHub advisory https://github.com/opf/openproject/security/advisories/GHSA-mq29-cmv3-rcmr.
<!-- Remove this section if empty, add to it in pull requests linking to tickets and provide information -->
<!-- BEGIN SECURITY FIXES AUTOMATED SECTION -->