Mirroristas/etcd
2
0
Fork 0
mirror of https://github.com/etcd-io/etcd.git synced 2024-09-27 06:25:44 +00:00
Code Issues Packages Projects Releases Wiki Activity
20,994 Commits 15 Branches 491 Tags 148 MiB
Commit Graph

16 Commits

Author SHA1 Message Date
Ivan Valdes
8578e07117
server: disable redirects in peer communication 
Disable following redirects from peer HTTP communication on the client's side.
Etcd server may run into SSRF (Server-side request forgery) when adding a new
member. If users provide a malicious peer URL, the existing etcd members may be
redirected to another unexpected internal URL when getting the new member's
version.

Signed-off-by: Ivan Valdes <ivan@vald.es>
 2023-12-04 13:53:28 -08:00
James Blair
3b37afec7b
Don't follow redirects when checking peer urls. 
It's possible that etcd server may run into SSRF situation when adding a new member. If users provide a malicious peer URL, the existing etcd members may be redirected to other unexpected internal URL when getting the new member's version.

Signed-off-by: James Blair <mail@jamesblair.net>
 2023-11-21 10:25:20 +13:00
Wei Fu
aa97484166 *: enable goimports in verify-lint 
Signed-off-by: Wei Fu <fuweid89@gmail.com>
 2023-09-21 21:14:09 +08:00
Geeta Gharpure
e5b7dde17e Add a method to export membership info to v2 store from RaftCluster 
Signed-off-by: Geeta Gharpure <geetagh@amazon.com>
 2023-07-28 16:55:41 +00:00
xin.li
b17b9c1428 chore: Use http constants to replace numbers as parameters 
Signed-off-by: xin.li <xin.li@daocloud.io>
 2023-02-20 11:53:41 +08:00
Benjamin Wang
2ac149b96a etcdserver: fix log typo when checking version compatiblity 
Signed-off-by: Benjamin Wang <wachao@vmware.com>
 2022-11-08 18:27:46 +08:00
Piotr Tabor
5097b33ab9 Rename etcdserver/etcderrors package to etcdserver/errors. 2022-05-20 14:32:04 +02:00
Piotr Tabor
fc6a6c3c27 Move etcdserver/errors.go to sepatate package to avoid cyclic dependencies. 2022-05-20 14:32:04 +02:00
kkkkun
59f7764772 add timeout for http client 2022-03-01 11:11:09 +08:00
Eng Zer Jun
2a151c8982
*: move from io/ioutil to io and os packages 
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil. This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
 2021-10-28 00:05:28 +08:00
Marek Siarkowicz
378159af30 server: Refactor cluster version decision code 2021-10-08 10:41:37 +02:00
Marek Siarkowicz
823f85dfc9 etcdserver: Move version monitor logic to separate module 2021-06-23 19:27:29 +02:00
Piotr Tabor
a70386a1a4 Simplify membership interface: Does not pass the 'unused' token. 2021-04-27 17:17:31 +02:00
Piotr Tabor
3bb7acc8cf Migrate dependencies pkg/foo -> client/pkg/foo 2021-04-07 00:38:47 +02:00
Piotr Tabor
aaf423e962 server: Update imports. 
find -name '*.go' | xargs sed -i --follow-symlinks 's|etcd/v3/|etcd/server/v3/|g'
 2020-10-26 13:02:32 +01:00
Piotr Tabor
4a5e9d1261 server: Move server files to 'server' directory. 
26  git mv mvcc wal auth etcdserver etcdmain proxy embed/ lease/ server
   36  git mv go.mod go.sum server
 2020-10-26 12:57:19 +01:00