mirror of
https://github.com/searx/searx
synced 2024-12-12 00:45:18 +01:00
6b59800dc6
The suggested configurations for nginx found in the documentation and templates lead to vulnerabilities allowing host spoofing [1] and path traversal [2], as reported by Gixy [3]. This commit fixes those issues. [1] https://github.com/yandex/gixy/blob/master/docs/en/plugins/hostspoofing.md [2] https://github.com/yandex/gixy/blob/master/docs/en/plugins/aliastraversal.md [3] https://github.com/yandex/gixy |
||
---|---|---|
.. | ||
engines | ||
api.rst | ||
arch_public.dot | ||
architecture.rst | ||
buildhosts.rst | ||
engines.rst | ||
filtron.rst | ||
index.rst | ||
installation-apache.rst | ||
installation-docker.rst | ||
installation-nginx.rst | ||
installation-searx.rst | ||
installation-uwsgi.rst | ||
installation.rst | ||
morty.rst | ||
plugins.rst | ||
settings.rst | ||
update-searx.rst |