diff options
| author | Sheogorath | 2019-08-15 23:05:02 +0200 |
|---|---|---|
| committer | Sheogorath | 2019-08-15 23:14:54 +0200 |
| commit | c1789474020a6d668d616464cb2da5e90e123f65 (patch) | |
| tree | 65460d8343a2153cdf8e53de7fc953ca6f0592cb /lib | |
| parent | e574ae7588ef2981799ddefe3684809e27411204 (diff) | |
Disable PDF export due to security issue
As a temporary fix, to keep you and your users save, this patch disables
the PDF export feature. Details of the attack along with a fix for
future versions of CodiMD will be released in future.
I hope you can live with this solution for this release because I'm
super short on time and the alternative would be to ship no fix at all.
This appears to be the better solution for this release.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
| -rw-r--r-- | lib/config/index.js | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/config/index.js b/lib/config/index.js index b6001aa0..ee4817b3 100644 --- a/lib/config/index.js +++ b/lib/config/index.js @@ -189,6 +189,12 @@ switch (config.imageUploadType) { ] } +// Disable PDF export due to security issue +if (config.allowPDFExport) { + config.allowPDFExport = false + logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.') +} + // generate correct path config.sslCAPath.forEach(function (capath, i, array) { array[i] = path.resolve(appRootPath, capath) |