Redirections are now only performed to trusted domains in XWiki. The list of trusted domains is obtained from two sources:

1. any URLs used to access the wiki is considered as trusted, as well as all the aliases used for subwikis,
2. it's possible to specify in xwiki.properties the list of trusted domain by setting the property url.trustedDomains.

If a redirection is attempted to an URL whose domain does not belong to any of this source, a warning log will be output and the redirect is prevented. Note that it's possible to switch off this security mechanism by setting the property url.trustedDomainsEnabled to false.