[Koha-bugs] [Bug 25950] REMOTE_ADDR set to null if client_ip in X-Forwarded-For matches a koha_trusted_proxies value
bugzilla-daemon at bugs.koha-community.org
bugzilla-daemon at bugs.koha-community.org
Fri Apr 23 01:49:01 CEST 2021
https://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=25950
--- Comment #19 from David Cook <dcook at prosentient.com.au> ---
(In reply to Jonathan Druart from comment #18)
> Yes it's failing consistently on D11
>
Well that's good at least.
> % pmvers Net::Netmask
> 1.9104
It looks like buster uses 1.9104-1 and bullseye uses 1.9104-2...
And it looks like 1.9104-2 includes a backport of a security patch that doesn't
allow the following formats:
'216.240.32'
'216.240'
'140'
'216.240.32/24'
'216.240/16'
The workaround is to use the "shortnet" option which is specified in the newer
versions of the module:
https://metacpan.org/pod/release/JMASLAK/Net-Netmask-2.0001/lib/Net/Netmask.pm
Note that we use Net::Netmask in a few places, so we'll need to either add the
shortnet option, or make people update their systems.
--
You are receiving this mail because:
You are watching all bug changes.
More information about the Koha-bugs
mailing list