From c93b6c1e08e7733a0efae112f18bcad977fe1236 Mon Sep 17 00:00:00 2001 From: Joey Hess Date: Mon, 18 Jun 2018 14:25:55 -0400 Subject: [PATCH] devblog --- doc/devblog/day_502__security_hole_part_4.mdwn | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 doc/devblog/day_502__security_hole_part_4.mdwn diff --git a/doc/devblog/day_502__security_hole_part_4.mdwn b/doc/devblog/day_502__security_hole_part_4.mdwn new file mode 100644 index 0000000000..48c38de5fe --- /dev/null +++ b/doc/devblog/day_502__security_hole_part_4.mdwn @@ -0,0 +1,16 @@ +Spent several hours dealing with the problem of http proxies, which +bypassed the IP address checks added to prevent the security hole. +Eventually got it filtering out http proxies located on private IP +addresses. + +Other than the question of what to do about external special remotes +that may be vulerable to related problems, it looks like the security +hole is all closed off in git-annex now. + +Added a new page [[security]] with details of this and past security holes +in git-annex. + +Several people I reached out to for help with special remotes have gotten +back to me, and we're discussing how the security hole may affect them and +what to do. Thanks especially to Robie Basak and Daniel Dent for their +work on security analysis.
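Review bot: In the second paragraph of the new devblog entry, "vulerable" is a typo for "vulnerable" (the added line "+that may be vulerable to related problems"). Separately, the first paragraph says http proxies located on private IP addresses are now filtered out, but it does not say how a proxy on a non-private address is treated, while the second paragraph states the hole is "all closed off in git-annex now". Consider adding one sentence on that case, or pointing readers to the matching entry on the new [[security]] page, so the claim can be checked against the details there.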