-
Notifications
You must be signed in to change notification settings - Fork 111
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: reject on listen error, listen on hostname #86
Conversation
@TimLuq I can see some impacts with the hostname fix. Because it wasn't specified, it would listen on all available addresses ( I'll do some further testing before pulling this into master. |
Yes, when I saw that the checks failed I did a quick skim through the test cases and assumed that the tests were incomplete in this regard. Since the new behavior is the one previously documented most dependents should probably have correct Perhaps releasing this fix under a new minor version instead of a patch? Although that is technically bad practice. But so is breaking projects with a patch update. (Also with a minor update, but since it follows both the documented and intended behavior it could be done.) Tough call. |
This could also be seen as a security patch since users who are not behind a firewall and have configured what they believe to be a localhost-only server currently accepts external connections. Maybe they have given full filesystem access to an anonymous connection as they assume only localhost may establish connections. |
fd149fb
to
5f9db31
Compare
fe41a69
to
8db502c
Compare
I think I will release this as a breaking change, so a new major version. It has a chance of breaking some peoples usages, so it's the safest way to release this change. |
Looking at others that are using |
By default, `net.Server` listens on `0.0.0.0`, which is any available address. This ensures that ftp-srv only listens on the set hostname.
Instead of a direct equal comparison, use the `ip` package
This was an auto generated document, actually make it
Thanks to @TimLuq (#85)