python · nono-py · Heads-up
nono-py: Empty allowed_hosts now denies all hosts by default
What changed
Previously, an empty allowed_hosts was treated as allow-all, so the proxy transparently tunneled CONNECT requests to hosts outside the configured routes. An empty allowed_hosts now denies all hosts.
Who it affects
Users relying on route-only proxy configurations for strict egress control around untrusted code or sensitive credentials.
What to do today
Update to the fixed version. Explicitly configure allowed_hosts to restrict network access.
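The change in semantics, as an added sketch that is not nono-py's own code: it models the allow-list decision for a CONNECT request under the old and the fixed handling of an empty allowed_hosts. The names connect_target, allow_connect, decisions and empty_means_allow_all are hypothetical, exact-match comparison is an assumption, and the hosts are constructed.

```python
# Added illustration only; this is NOT nono-py's implementation or API.
# All function and parameter names here are hypothetical.
from typing import Iterable, List, Optional


def connect_target(request_line: str) -> Optional[str]:
    """Return the normalized host of 'CONNECT host:port HTTP/1.1', or None if malformed."""
    parts = request_line.strip().split()
    if len(parts) != 3 or parts[0].upper() != "CONNECT":
        return None
    host, sep, port = parts[1].rpartition(":")
    if not sep or not host or not port.isdigit():
        return None
    if host.startswith("[") and host.endswith("]"):
        host = host[1:-1]  # IPv6 literal, e.g. [::1]:443
    return host.rstrip(".").lower()


def allow_connect(request_line: str, allowed_hosts: Iterable[str],
                  empty_means_allow_all: bool = False) -> bool:
    """Decide whether a CONNECT request may be tunneled.

    empty_means_allow_all=True models the old fail-open behaviour;
    the default (False) models the fixed fail-closed behaviour.
    """
    host = connect_target(request_line)
    if host is None:
        return False  # malformed requests are never tunneled
    allowed = {h.rstrip(".").lower() for h in allowed_hosts}
    if not allowed:
        return empty_means_allow_all
    return host in allowed  # exact match only (assumption)


# Constructed sample requests: one intended destination, one unrelated host.
SAMPLE_REQUESTS = [
    "CONNECT api.example.test:443 HTTP/1.1",
    "CONNECT other.example.invalid:443 HTTP/1.1",
]


def decisions(allowed_hosts: Iterable[str], empty_means_allow_all: bool = False) -> List[bool]:
    allowed = list(allowed_hosts)
    return [allow_connect(r, allowed, empty_means_allow_all) for r in SAMPLE_REQUESTS]


if __name__ == "__main__":
    print("old, empty allowed_hosts:  ", decisions([], empty_means_allow_all=True))
    print("fixed, empty allowed_hosts:", decisions([]))
    print("fixed, explicit allow-list:", decisions(["api.example.test"]))
```

A deployment that depended on the old behaviour will see every CONNECT refused after the update until allowed_hosts lists the intended destinations.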