Skip to content

Add RateLimit to registrations

Frank Duncan requested to merge ratelimit-registrations into ardc-main

A vulnerability was introduced with #3064 where registrations could be created en masse using arbitrary email addresses. An attacker could use this to make hypha auto generate mass emails to those recipients. Adding a ratelimit to the registration should prevent that from being too aggressive.

Merge request reports