Skip to content

com.azure+azure-security-confidentialledger_1.1.0-beta.3

Pre-release
Pre-release

Choose a tag to compare

View all tags
@azure-sdk-automation azure-sdk-automation released this 12 Jun 16:37
com.azure+azure-security-confidentialledger_1.1.0-beta.3
cae5632
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

1.1.0-beta.3 (2026-06-05)

Bugs Fixed

  • Hardened ConfidentialLedgerRedirectPolicy to enforce a stricter redirect destination policy. The client now
    only follows HTTP redirects whose target host is the original ledger host or one of its subdomains (using the
    same scheme). Redirects to sibling ledgers, parent domains, unrelated hosts, or look-alike suffix domains are
    refused, logged at the warning level, and never followed, preventing the sensitive Authorization header from
    being forwarded to an unintended destination.
Assets 2
Loading