SRCH-2453 verify host when connecting to Twitter's streaming API #769
- bundle updated gems
LGTM
@@ -78,7 +81,7 @@ gem 'retry_block', '~> 1.2.0' | |||
gem 'aws-sdk', '< 3.0' | |||
gem 'colorize', '~> 0.8.1' | |||
gem 'dogstatsd-ruby', '~> 3.2.0' | |||
gem 'http', '~> 1.0' | |||
gem 'http', '~> 4.0' |
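Review bot: the last two lines of this hunk show gem 'http' at both '~> 1.0' and '~> 4.0'; assuming the 4.0 line is the new one, the constraint crosses three major versions in a single step and the Gemfile records no reason for it. A short comment above the line naming SRCH-2453 would stop the floor from being lowered again later. Since the point of the PR is host verification, a spec asserting that a connection is refused when the certificate does not match the requested host would guard the behaviour itself rather than the version number. Other callers of the http gem in the app should be exercised too, because a major-version jump can change call signatures and defaults.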
Yay!
@jmax-fearless, re-review requested for config tweak:
LGTM
Functional
- SRCH-2324 update newrelic_rpm (#771) …
- SRCH-2453 verify host when connecting to Twitter's streaming API (#769) …

Testing or Process
- SRCH-2457 add pull request template (#774)
- SRCH-2110 consolidate cucumber tests (#773)
This PR ensures that we validate the host when connecting to Twitter's streaming API via the `tweetstream` gem. This resolves the "Improper Certificate Validation in TweetStream" vulnerability.
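As an added illustration of what a host check contributes beyond chain validation (this is not code from the PR or from the tweetstream gem), the Ruby below builds a constructed self-signed certificate and shows that it passes chain validation for any name while the identity check accepts only the names it was issued for. The hostnames under `example.test` and the helper names `make_cert`, `chain_ok?`, `chain_and_host_ok?` and `strict_context` are assumptions made for the example.

```ruby
require 'openssl'

# Constructed test data: a self-signed certificate valid for the given DNS names.
def make_cert(dns_names)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = 1
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{dns_names.first}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = ef.issuer_certificate = cert
  cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
  san = dns_names.map { |n| "DNS:#{n}" }.join(',')
  cert.add_extension(ef.create_extension('subjectAltName', san, false))
  cert.sign(key, OpenSSL::Digest.new('SHA256'))
end

# Chain validation only: is this certificate signed by something in my trust store?
def chain_ok?(store, cert)
  store.verify(cert)
end

# Chain validation plus the host check: was it also issued for the host I dialled?
def chain_and_host_ok?(store, cert, hostname)
  store.verify(cert) && OpenSSL::SSL.verify_certificate_identity(cert, hostname)
end

# Client context with both checks enabled. verify_hostname only takes effect with
# VERIFY_PEER and when SSLSocket#hostname= is set to the name being dialled.
def strict_context(store)
  ctx = OpenSSL::SSL::SSLContext.new
  ctx.cert_store = store
  ctx.verify_mode = OpenSSL::SSL::VERIFY_PEER
  ctx.verify_hostname = true
  ctx
end

# Hypothetical names; the trust store contains only the constructed certificate.
CERT = make_cert(['stream.example.test', '*.api.example.test'])
STORE = OpenSSL::X509::Store.new.tap { |s| s.add_cert(CERT) }

['stream.example.test', 'other.example.test', 'v1.api.example.test'].each do |host|
  puts "#{host}: chain=#{chain_ok?(STORE, CERT)} chain+host=#{chain_and_host_ok?(STORE, CERT, host)}"
end
```

A client that stops at the chain check treats all three names alike; only the combined check distinguishes the name the certificate was not issued for.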