删除分支是永久的。此操作 无法 撤销,继续?
标签
里程碑
指派成员
未指派成员
1 名参与者
到期时间
未设置到期时间。
依赖工单
此工单当前没有任何依赖。
正在加载...
这个人很懒,什么都没留下。
删除分支 '%!s(MISSING)'
By knowing the static url of a task file anyone can access the file without having read access to the project. The most straightforward way to mitigate this vulnerability is by using the NGINX module “ngx_http_secure_link_module” https://nginx.org/en/docs/http/ngx_http_secure_link_module.html
However, since this module only supports MD5, we will not recommend this solution. Ideally the vulnerability would have been mitigated using a third party package for NGINX: “ngx_http_hmac_secure_link_module” https://github.com/nginx-modules/ngx_http_hmac_secure_link_module
To enable this, the package would have to be included in NGINX before compilation, as of now the image uses a pre-compiled NGINX. Then gx_http_hmac_secure_link_module would enable use of temporarily secure links hashed with a secure hashing algorithm such as SHA256.