SONAR-14682 - Make webhook validation configurable

author: Belen Pruvost <belen.pruvost@sonarsource.com> 2021-04-29 17:30:41 +0200
committer: sonartech <sonartech@sonarsource.com> 2021-04-29 20:03:32 +0000
commit: 7b297b7bb6287d8b5f6e0d6c66f210c062f7d1a1 (patch)
tree: efc2128a8f3ad840fdaac8ea3f2b7766ec9cea01 /server/sonar-docs
parent: d62debd109bd54064ee87ab513886958b0e58b48 (diff)
download: sonarqube-7b297b7bb6287d8b5f6e0d6c66f210c062f7d1a1.tar.gz
sonarqube-7b297b7bb6287d8b5f6e0d6c66f210c062f7d1a1.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/server/sonar-docs/src/pages/setup/upgrade-notes.md b/server/sonar-docs/src/pages/setup/upgrade-notes.md
index 590837efd0d..634f4db7d2d 100644
--- a/server/sonar-docs/src/pages/setup/upgrade-notes.md
+++ b/server/sonar-docs/src/pages/setup/upgrade-notes.md
@@ -20,6 +20,10 @@ To improve security, webhooks, by default, aren't allowed to point to the SonarQ
 
 [Full release notes](https://jira.sonarsource.com/secure/ReleaseNote.jspa?projectId=10930&version=16710)
 
+**Enforced security on Webhooks**
+By default and to enforce security constraints, webhooks are not allowed to point to the IPs addresses of the local SonarQube instance. 
+However, that behavior can be changed in [Administration > General Settings > Security](/#sonarqube-admin#/admin/settings?category=security/).
+
 ## Release 8.8 Upgrade Notes  
 **CSS analysis now requires Node.js 10+**  
 In order to analyze CSS code, you now need to have Node.js 10+ installed on the machine running the scan.
author	Belen Pruvost <belen.pruvost@sonarsource.com>	2021-04-29 17:30:41 +0200
committer	sonartech <sonartech@sonarsource.com>	2021-04-29 20:03:32 +0000
commit	7b297b7bb6287d8b5f6e0d6c66f210c062f7d1a1 (patch)
tree	efc2128a8f3ad840fdaac8ea3f2b7766ec9cea01 /server/sonar-docs
parent	d62debd109bd54064ee87ab513886958b0e58b48 (diff)
download	sonarqube-7b297b7bb6287d8b5f6e0d6c66f210c062f7d1a1.tar.gz sonarqube-7b297b7bb6287d8b5f6e0d6c66f210c062f7d1a1.zip