prepare actix-web release

Add security note to ConnectionInfo::remote() (#1158 )
2025-08-01 13:01:51 +02:00 · 2019-11-14 08:55:37 +06:00 · 2019-11-14 08:32:47 +06:00
3 changed files with 10 additions and 3 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,6 +1,6 @@
 # Changes

-## [1.0.9] - 2019-xx-xx
+## [1.0.9] - 2019-11-14

 ### Added

@@ -10,6 +10,7 @@

 * Support `Host` guards when the `Host` header is unset (e.g. HTTP/2 requests) (#1129)

+
 ## [1.0.8] - 2019-09-25

 ### Added
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "actix-web"
-version = "1.0.8"
+version = "1.0.9"
 authors = ["Nikolay Kim <fafhrd91@gmail.com>"]
 description = "Actix web is a simple, pragmatic and extremely fast web framework for Rust."
 readme = "README.md"
@@ -78,7 +78,7 @@ actix-utils = "0.4.4"
 actix-router = "0.1.5"
 actix-rt = "0.2.4"
 actix-web-codegen = "0.1.2"
-actix-http = "0.2.9"
+actix-http = "0.2.11"
 actix-server = "0.6.1"
 actix-server-config = "0.1.2"
 actix-testing = "0.1.0"
--- a/src/info.rs
+++ b/src/info.rs
@@ -162,6 +162,12 @@ impl ConnectionInfo {
    /// - Forwarded
    /// - X-Forwarded-For
    /// - peer name of opened socket
+    ///
+    /// # Security
+    /// Do not use this function for security purposes, unless you can ensure the Forwarded and
+    /// X-Forwarded-For headers cannot be spoofed by the client. If you want the client's socket
+    /// address explicitly, use
+    /// [`HttpRequest::peer_addr()`](../web/struct.HttpRequest.html#method.peer_addr) instead.
    #[inline]
    pub fn remote(&self) -> Option<&str> {
        if let Some(ref r) = self.remote {
Author	SHA1	Message	Date
Nikolay Kim	0212c618c6	prepare actix-web release	2019-11-14 08:55:37 +06:00
Feiko Nanninga	88110ed268	Add security note to ConnectionInfo::remote() (#1158 )	2019-11-14 08:32:47 +06:00