Robin Ward 1d38040579 SECURITY: SQL injection with default categories ... This is a low severity security fix because it requires a logged in admin user to update a site setting via the API directly to an invalid value. The fix adds validation for the affected site settings, as well as a secondary fix to prevent injection in the event of bad data somehow already exists.		2019-07-11 13:41:51 -04:00
..
backup_restore	FEATURE: Support private attachments when using S3 storage (#7677)	2019-06-06 13:27:24 +10:00
content_security_policy	FEATURE: allow plugins and themes to extend the default CSP (#6704)	2018-11-30 09:51:45 -05:00
i18n	FIX: English locale must not fall back to any other locale	2019-06-07 21:53:01 +02:00
seed_data	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
site_settings	SECURITY: SQL injection with default categories	2019-07-11 13:41:51 -04:00
browser_detection_spec.rb	DEV: Add spec for BrowserDetection and Chromebook.	2019-05-30 16:31:28 +03:00
content_security_policy_spec.rb	FEATURE: Calculate CSP based on active themes (#6976)	2019-02-11 12:32:04 +00:00
db_helper_spec.rb	SPEC: ensure never remap readonly columns	2019-05-09 18:01:35 +02:00
encodings_spec.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
introduction_updater_spec.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
mini_sql_multisite_connection_spec.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
search_spec.rb	FIX: Update mapping between locales and Postgres dictionaries. (#7606)	2019-05-27 16:52:09 +03:00
theme_javascript_compiler_spec.rb	DEV: use #frozen_string_literal: true on all spec	2019-04-30 10:27:42 +10:00
upload_creator_spec.rb	FEATURE: Support private attachments when using S3 storage (#7677)	2019-06-06 13:27:24 +10:00
upload_recovery_spec.rb	DEV: Prefabrication (test optimization) (#7414)	2019-05-07 13:12:20 +10:00