js · nocodbHeads-up
nocodb: base-migration endpoint enforces http/https protocol validation
The base-migration endpoint now validates that the migration URL protocol is http: or https: and rejects others.
What changed
The base-migration endpoint now validates that the migration URL protocol is http: or https: and rejects others. The worker already uses request-filtering-agent to block private IP ranges.
Who it affects
Workspace owners who use the migration endpoint; the fix prevents protocol abuse and internal network probing.
What to do today
Update NocoDB to the latest version that includes this fix.
The trail
Collected→
Audited→
Written→
Published
Source
GitHub Advisory · nocodb