Zeroconf / "cloud metadata" endpoints in GCP will be accessible via webhooks post-migration
From @kirstenabma
Who’s doing the move? I have a few hackers with me that are wondering if we have a test environment already running on Google Cloud? They think we’ll be vulnerable after moving
Team met on Zoom call, progress is developing.
GitLab blocks certain requests to "local" IPs to prevent exfiltration of data via webhooks. In GCP, there is one more IP we need to block (and its v4-in-v6 equivalent): 169.254.169.254
Edited by Nick Thomas
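A sketch of the check described above, added here as an example and not taken from GitLab's code base: it normalises the v4-in-v6 form to plain IPv4 so that one link-local rule covers both spellings of 169.254.169.254. The method name, the range list and the assumption that the caller passes the address the webhook host resolved to are all hypothetical.

```ruby
require "ipaddr"

# Assumed block list for this example (not GitLab's actual list).
# The metadata address 169.254.169.254 sits inside IPv4 link-local.
BLOCKED_RANGES = [
  "127.0.0.0/8",     # IPv4 loopback
  "169.254.0.0/16",  # IPv4 link-local, includes 169.254.169.254
  "::1/128",         # IPv6 loopback
  "fe80::/10"        # IPv6 link-local
].map { |cidr| IPAddr.new(cidr) }.freeze

# Returns true when a webhook must not be sent to `address`.
# `address` is the IP literal the webhook host resolved to.
def webhook_target_blocked?(address)
  # A "/prefix" would make IPAddr mask the value (e.g. "/0" becomes
  # 0.0.0.0), so anything that is not a single address fails closed.
  return true if address.include?("/")

  ip = IPAddr.new(address)
  # ::ffff:169.254.169.254 and ::ffff:a9fe:a9fe are the same host as
  # 169.254.169.254; IPAddr#native converts them to plain IPv4.
  ip = ip.native if ip.ipv6?

  BLOCKED_RANGES.any? do |range|
    range.family == ip.family && range.include?(ip)
  end
rescue IPAddr::Error
  # Unparseable input is treated as blocked rather than allowed.
  true
end

# Constructed sample inputs covering both spellings and two public
# documentation addresses.
if $PROGRAM_NAME == __FILE__
  %w[169.254.169.254 ::ffff:169.254.169.254 ::ffff:a9fe:a9fe
     203.0.113.10 2001:db8::1].each do |addr|
    puts format("%-26s blocked=%s", addr, webhook_target_blocked?(addr))
  end
end
```

The check has to run on the address actually connected to, after DNS resolution and on every redirect hop, otherwise a hostname that resolves to the metadata address passes it.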