v2.3.3
This patch release resolves another security vulnerability unearthed by the amazing dcRUSTy.
Bug Fixes
- Previously, CORS was enabled for all origins, which created a CSRF vulnerability that would allow a malicious site to potentially execute remote code through JavaScript injection. Now, CORS is disabled by default, requiring you to pass all safe origins on the command line to enable it. Use the new --origin CLI flag to pass in safe origins.
- Ensure numberOfRequests is reset to 0 when sending a DELETE request to /imposters/:port/savedRequests
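
The origin allowlist described in the CORS fix above, as an added example (not mountebank's own code; the function names are hypothetical and the origins are constructed). It puts the permissive behavior next to an exact-match allowlist that sends no CORS headers when no origins are configured.

```javascript
// Added illustration only: hypothetical helpers, not mountebank's implementation.

// "Before": every origin is accepted, so any page open in the user's browser
// can make cross-origin calls to the local API and read the responses.
function permissiveCorsHeaders(requestOrigin) {
  return {
    'Access-Control-Allow-Origin': requestOrigin || '*',
    'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE',
    'Access-Control-Allow-Headers': 'Content-Type'
  };
}

// Reduce a value to its canonical scheme://host[:port] form so that
// "HTTP://Localhost:8080/" and "http://localhost:8080" compare equal.
// Returns null for anything that is not an http(s) origin (including "null").
function normalizeOrigin(value) {
  try {
    const url = new URL(value);
    if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
    return url.origin;
  } catch (e) {
    return null;
  }
}

// "After": CORS is off unless the operator listed safe origins. The request's
// Origin header must match an entry exactly (no prefix or substring matching),
// and only that single origin is echoed back.
function allowlistCorsHeaders(requestOrigin, allowedOrigins) {
  const allowed = new Set((allowedOrigins || []).map(normalizeOrigin).filter(Boolean));
  const origin = normalizeOrigin(requestOrigin);
  if (origin === null || !allowed.has(origin)) return {};
  return {
    'Access-Control-Allow-Origin': origin,
    'Vary': 'Origin', // caches must not reuse the response for another origin
    'Access-Control-Allow-Methods': 'GET, POST, PUT, DELETE',
    'Access-Control-Allow-Headers': 'Content-Type'
  };
}

// Constructed sample values
const safeOrigins = ['http://localhost:8080/'];
console.log(permissiveCorsHeaders('http://evil.example'));
console.log(allowlistCorsHeaders('http://evil.example', safeOrigins));
console.log(allowlistCorsHeaders('http://localhost:8080', safeOrigins));
```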
Contributors
Many thanks to the following kind folks for help with this release, either through bug reports, suggestions, or direct code contributions:
- dcRUSTy
Install
npm install -g mountebank@2.3.3
or:
Option | node.js required? | sudo required? | links | Description |
---|---|---|---|---|
Self-contained archives | No | No | | Simply unpack and run mb from inside |
OS-specific packages | No | Yes | | Puts mb at /usr/local/bin, which is generally in the PATH. |
source tarball | Yes | No | | source tarball if you roll that way. |
Windows path limitations
*mountebank wishes very much for your Windows experience to be hassle-free, but he is simply not qualified to address a particular constraint of Windows Explorer. For legacy reasons, some Windows applications, including most notably Windows Explorer, have a maximum number of characters allowed in a path of 260 characters. As mountebank writes these words, the longest path he includes in the zip files is around 175 characters. The zip file name, which is likely to represent itself as two nested directories if you use the defaults to unzip it, will be around 25 characters. That gives you very little wiggle room. If you unzip the file in your users directory, you may very likely get an error because of this constraint.
The following solutions will all work:
- Unzip to the root of your C: drive (or a similar small path)
- Use 7zip to unzip the file instead of Windows Explorer
- Use npm to install mountebank instead of the zip file