summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorSheogorath2019-08-15 23:05:02 +0200
committerSheogorath2019-08-15 23:14:54 +0200
commitc1789474020a6d668d616464cb2da5e90e123f65 (patch)
tree65460d8343a2153cdf8e53de7fc953ca6f0592cb /lib
parente574ae7588ef2981799ddefe3684809e27411204 (diff)
Disable PDF export due to security issue
As a temporary fix, to keep you and your users save, this patch disables the PDF export feature. Details of the attack along with a fix for future versions of CodiMD will be released in future. I hope you can live with this solution for this release because I'm super short on time and the alternative would be to ship no fix at all. This appears to be the better solution for this release. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Diffstat (limited to '')
-rw-r--r--lib/config/index.js6
1 files changed, 6 insertions, 0 deletions
diff --git a/lib/config/index.js b/lib/config/index.js
index b6001aa0..ee4817b3 100644
--- a/lib/config/index.js
+++ b/lib/config/index.js
@@ -189,6 +189,12 @@ switch (config.imageUploadType) {
]
}
+// Disable PDF export due to security issue
+if (config.allowPDFExport) {
+ config.allowPDFExport = false
+ logger.warn('PDF export was disabled for this release to mitigate a critical security issue. This feature will hopefully become available again in future releases.')
+}
+
// generate correct path
config.sslCAPath.forEach(function (capath, i, array) {
array[i] = path.resolve(appRootPath, capath)