Changes: Api
All changelog entries tagged with Api.

Bug Fix: Rate Limiting Bypass Vulnerability

We've identified and fixed a security vulnerability in our rate limiting implementation that allowed the limits to be bypassed under certain conditions.

Issue details:

  • Rate limits could be bypassed using custom X-Forwarded-For headers
  • Affected endpoints: /auth/login, /auth/register, /auth/password-reset
  • Impact: the affected authentication endpoints could receive repeated credential-guessing (brute force) attempts without being throttled

Fix summary:

  • Enhanced header validation
  • Improved IP extraction logic
  • Added additional safeguards for proxy detection

Update to version 2.4.4 or later to ensure proper rate limiting protection.
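As an added illustration of the fix summary above (example code written for this note, not the project's own implementation), the following shows client-IP extraction that honours X-Forwarded-For only from a trusted proxy, next to the bypassable version, with a constructed regression scenario. The proxy range, the per-window limit and all addresses are assumptions made up for the example.

```python
import ipaddress
from collections import defaultdict
from typing import Callable, Optional

# Assumption for this example: the reverse proxies in front of the service live in 10.0.0.0/8.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]
LIMIT = 5  # hypothetical: attempts allowed per window, per client key

def _is_trusted(addr: str) -> bool:
    try:
        return any(ipaddress.ip_address(addr) in net for net in TRUSTED_PROXIES)
    except ValueError:
        return False

def client_ip_naive(peer_addr: str, xff: Optional[str]) -> str:
    """Bypassable logic: use the first X-Forwarded-For value unconditionally.
    Any client can send this header, so the limiter keys on a caller-chosen value."""
    return xff.split(",")[0].strip() if xff else peer_addr

def client_ip_hardened(peer_addr: str, xff: Optional[str]) -> str:
    """Honour X-Forwarded-For only when the TCP peer is a trusted proxy, and walk the
    chain from the right so the result is the first hop our own proxies did not append."""
    if not _is_trusted(peer_addr):
        return peer_addr  # direct connection: the header is untrusted input, ignore it
    for hop in reversed([h.strip() for h in (xff or "").split(",") if h.strip()]):
        try:
            ipaddress.ip_address(hop)  # header validation: reject junk like "evil" or "1.2.3.4:80"
        except ValueError:
            raise ValueError("malformed X-Forwarded-For") from None  # caller should answer 400
        if not _is_trusted(hop):
            return hop
    return peer_addr  # empty header or only trusted hops: key on the proxy itself

class FixedWindowLimiter:
    """Minimal per-key counter; just enough to show which key the extraction feeds it."""
    def __init__(self, limit: int = LIMIT) -> None:
        self.limit, self.hits = limit, defaultdict(int)
    def allow(self, key: str) -> bool:
        self.hits[key] += 1
        return self.hits[key] <= self.limit

def simulate(extract: Callable[[str, Optional[str]], str], attempts: int = 20) -> int:
    """Constructed regression scenario: one client (198.51.100.7) behind proxy 10.0.0.1 sends
    `attempts` requests, each with a different leading X-Forwarded-For value. Returns how many pass."""
    limiter, allowed = FixedWindowLimiter(), 0
    for i in range(attempts):
        xff = f"203.0.113.{i}, 198.51.100.7"  # client-supplied value, then the proxy-appended real address
        if limiter.allow(extract("10.0.0.1", xff)):
            allowed += 1
    return allowed
```

With the naive extractor every one of the 20 requests gets through; with the hardened one only the first 5 do, because all of them resolve to the same real client address. Rejecting a malformed chain outright (rather than falling back to the proxy's address) avoids letting one bad request throttle everyone behind that proxy.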