Commit message
Signed-off-by: Erik Michelson <erik@liltv.de>
Extended config.js documentation on login methods and libravatar
Signed-off-by: Erik Michelson <erik@liltv.de>
Signed-off-by: Erik Michelson <erik@liltv.de>
Signed-off-by: Erik Michelson <erik@liltv.de>
Add security note to repository
In order to simplify the communication with security researchers and
allow reporting of issues, this document should provide a rough idea
about:

1. What versions are supported
2. Who to contact
3. How to send findings properly secured
4. What to expect from an approved security issue
5. What if it's not considered a security issue

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Move sequelize-cli from devDependencies to dependencies, because it is needed to run migrations at run-time
Signed-off-by: Tobias Kremer <tobias.kremer@gmail.com>
Config: Return String Instead Of Buffer For Docker Secrets
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
Prevents "TypeError: Cannot freeze array buffer views with elements".

Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
Docker Secrets: Correct Source Path
Signed-off-by: Jonas Thelemann <e-mail@jonas-thelemann.de>
[Snyk] Fix for 2 vulnerable dependencies
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-AUTOLINKER-73494
- https://snyk.io/vuln/SNYK-JS-SEQUELIZE-459751
Slightly improve documentation
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
No content was added; this is just a formatting commit.

Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
Signed-off-by: Christian Bläul <christian@blaeul.de>
make aws s3 endpoint configurable
Signed-off-by: Mathias Merscher <Mathias.Merscher@dg-i.net>
Add documentation for the new imprint feature
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
Add link to imprint
Signed-off-by: Matthias Lindinger <m.lindinger@live.de>
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Thanks to our great translators who managed to translate the major
parts of CodiMD into Arabic!

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
As a temporary fix, to keep you and your users safe, this patch disables
the PDF export feature. Details of the attack along with a fix for
future versions of CodiMD will be released in the future.

I hope you can live with this solution for this release because I'm
super short on time and the alternative would be to ship no fix at all.
This appears to be the better solution for this release.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
The recent sequelize upgrade introduced some other dependencies, this is
one of them. This patch replaces the old `mysql` library with `mysql2`.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
It seems like since we switched to camelcase we missed updating some
variable names in the config section. This patch fixes those.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Meta-marked 0.4.4, which we used from our git repository, contains a
ReDoS vulnerability in the marked dependency. The dependency was already
updated in our meta-marked repository, but not updated in yarn.
This made us still vulnerable to this ReDoS, which was able to cause a
DoS attack on the server when updating a note.

For details:
https://github.com/markedjs/marked/releases/tag/v0.7.0
https://github.com/markedjs/marked/pull/1515

What is a ReDoS?

A ReDoS attack is a DoS attack where an attacker targets a
not-well-written regular expression. Regular expressions try to build a
tree of all possibilities they can match in order to figure out if the
given statement is valid or not. A ReDoS attack abuses this concept by
providing a statement that doesn't match but causes extremely huge trees
that simply lead to exhausting CPU usage.

For more details see: https://www.owasp.org/index.php/Regular_expression_Denial_of_Service_-_ReDoS

Credit:
Huge thanks to @bitinerant for finding this and handling it with a
responsible disclosure.
Also thanks to the `marked` team for fixing things already.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
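The "tree of all possibilities" that the commit message above describes can be made visible with a matcher that counts its own work. The block below is an added example, not code from the CodiMD or marked repositories and not the regex that was fixed in marked: it is a minimal backtracking matcher for a tiny regex subset (literal characters, parentheses, postfix `+`, anchored at both ends) that records how many node attempts it makes. The patterns `(a+)+` and `a+` and the almost-matching inputs are constructed for illustration. Both patterns accept exactly the same strings, but on an input that fails at the last character the nested one explores every way of splitting the run of `a`s into groups, so its step count roughly doubles with each extra character while the flat one stays linear.

```javascript
// Added example (not from CodiMD or marked): a tiny backtracking regex matcher
// that counts its matching attempts, to show why a nested quantifier such as
// (a+)+ explodes on input that almost matches. Supported pattern subset:
// literal characters, ( ) groups and a postfix '+'. Matching is anchored at
// both ends, like /^...$/. Patterns and inputs are constructed for illustration.

function parse(pattern) {
  let i = 0;
  function parseSeq() {
    const items = [];
    while (i < pattern.length && pattern[i] !== ')') {
      let atom;
      if (pattern[i] === '(') {
        i++;
        atom = { type: 'group', body: parseSeq() };
        if (pattern[i] !== ')') throw new Error('unbalanced parenthesis');
        i++;
      } else {
        atom = { type: 'char', c: pattern[i++] };
      }
      if (pattern[i] === '+') {
        atom = { type: 'plus', body: atom };
        i++;
      }
      items.push(atom);
    }
    return items;
  }
  const ast = parseSeq();
  if (i !== pattern.length) throw new Error('unbalanced parenthesis');
  return ast;
}

// Returns { matched, steps }, where steps is the number of node attempts the
// backtracking search made. Continuation-passing style: k(pos) means "match
// whatever follows this node, starting at pos".
function matchWithSteps(pattern, input) {
  const ast = parse(pattern);
  let steps = 0;

  function matchSeq(items, idx, pos, k) {
    if (idx === items.length) return k(pos);
    return matchNode(items[idx], pos, (p) => matchSeq(items, idx + 1, p, k));
  }

  function matchNode(node, pos, k) {
    steps++;
    switch (node.type) {
      case 'char':
        return pos < input.length && input[pos] === node.c && k(pos + 1);
      case 'group':
        return matchSeq(node.body, 0, pos, k);
      case 'plus':
        // Greedy: after one repetition ending at p, first try another
        // repetition; only when that whole branch fails, fall back to k(p).
        // Every such fallback point is a node in the tree of possibilities.
        return matchNode(node.body, pos, (p) => (p > pos && matchNode(node, p, k)) || k(p));
    }
    throw new Error('unknown node type ' + node.type);
  }

  const matched = Boolean(matchSeq(ast, 0, 0, (p) => p === input.length));
  return { matched, steps };
}

// Almost-matching input: a run of 'a' followed by a character that can never
// match, so every way of splitting the run into groups is tried before failing.
function almostMatching(n) {
  return 'a'.repeat(n) + '!';
}

// Step counts for the nested pattern and for a single-quantifier pattern that
// accepts the same language, on the same almost-matching input of length n+1.
function compare(n) {
  return {
    nested: matchWithSteps('(a+)+', almostMatching(n)).steps,
    flat: matchWithSteps('a+', almostMatching(n)).steps,
  };
}

for (let n = 6; n <= 16; n += 2) {
  const { nested, flat } = compare(n);
  console.log(`n=${n}  (a+)+ steps=${nested}  a+ steps=${flat}`);
}
```

Running it prints the step counts side by side; the `a+` column grows by two per character while the `(a+)+` column roughly doubles, which is the CPU exhaustion the commit message describes. The hardening lesson is the same one the marked release applied: rewrite or replace patterns where a quantified group can consume the same characters in more than one way, and bound the length of untrusted input before it reaches a regex.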
fix: migration should return promise
Signed-off-by: chandi <git@chandi.it>
Update badge icons
I just noticed that shields.io provides some nice new badges including
one explicitly for Matrix and one for Mastodon. Since those are really
our platforms, let's get them into our README. Just a cosmetic change.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>