Create SECURITY.md
pajod authored Dec 6, 2023
1 parent 9567009 commit 828496e
Showing 1 changed file with 23 additions and 0 deletions.
23 changes: 23 additions & 0 deletions SECURITY.md
@@ -0,0 +1,23 @@
# Insecurity

At the time this was written, No public version can correctly process requests headers, whether behind a proxy or not, rendering any access restrictions based on reading headers worthless.

**Stop running the software, or atleast remove public access.**

## No Support

You are looking at my one-off fork. Its not supported *at all*.

| Version | Status |
| ------- | ------------------ |
| (this fork) | ❗ still additional SECURITY PROBLEMS ❗ |
| 22.0.0 | (no release date set) |
| 21.2.0 | ❗ KNOWN SECURITY PROBLEMS ❗ |
| 20.0.0 | ❗ KNOWN SECURITY PROBLEMS ❗ |
| < 20.0 | ❗ KNOWN SECURITY PROBLEMS ❗ |

## Reporting a Vulnerability

See what the upstream maintainer [Benoit Chesneau](https://github.com/benoitc) suggests, likely in the [repository section titled SECURITY](https://github.com/benoitc/gunicorn/security).

If you found new HTTP parser flaws, consider dropping a note to [Ben Kallus](https://github.com/kenballus).
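
Review bot: The opening paragraph states that no public version correctly processes request headers but cites no issue, advisory or description of the parsing behaviour, so a reader cannot check whether their own header-based access rules are affected; link the upstream report(s) next to that sentence. The version table lists only 20.0.0, 21.2.0 and "< 20.0", which leaves any release between those rows unclassified even though the text says every public version is affected; a single "<= 21.2.0" row would match the claim. Under "Reporting a Vulnerability", "likely in" leaves the reporting channel uncertain, and nothing says whether reports against this fork itself are wanted. Minor: "atleast" should be "at least", "Its" should be "It's", "No" is capitalised mid-sentence, and "requests headers" should read "request headers".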
