terriajs-server icon indicating copy to clipboard operation
terriajs-server copied to clipboard

Published 20 hours ago verified publisher icon TerriaJS

Replace express-brute

Open pjonsson opened this issue 1 year ago • 2 comments

This replaces express-brute with rate-limiter-flexible, which removes the dependency on the vulnerable underscore version, and does not have a rate limit bypass vulnerability.

pjonsson avatar May 05 '24 15:05 pjonsson

The tests pass, but I have no idea if the changed code path is exercised by the test suite.

pjonsson avatar May 05 '24 15:05 pjonsson

@na9da this is one of the two PRs that together fixes all known security issues in terriajs-server, can you please take a look at this?

pjonsson avatar May 23 '24 15:05 pjonsson