discourse/app
David Taylor 982f23e1f2
SECURITY: Remove ember-cli specific response from application routes (stable) (#15154)
Under some conditions, these varied responses could lead to cache poisoning, hence the 'security' label.

For the stable branch, we are disabling the use of Ember CLI against production sites. A new implementation has been added to the tests-passed/beta branches
2021-12-01 16:02:45 +00:00
..
assets SECURITY: Strip unrendered unicode bidirectional chars in code blocks (#15032) 2021-11-22 10:46:07 +10:00
controllers FIX: Make autotag watched words case insensitive (#13043) 2021-05-14 16:52:10 +03:00
helpers SECURITY: Remove ember-cli specific response from application routes (stable) (#15154) 2021-12-01 16:02:45 +00:00
jobs SECURITY: Improve validation of SNS subscription confirm (#14672) 2021-10-20 22:20:35 +01:00
mailers FEATURE: Auto-activate users invited by email (#12675) 2021-04-14 12:15:56 +03:00
models SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:33:10 +08:00
serializers SECURITY: XSS in bookmarks list (#13311) 2021-06-07 16:59:12 +02:00
services SECURITY: Only show tags to users with permission (#15148) 2021-12-01 10:33:10 +08:00
views DEV: Minor changes to /theme-qunit landing page (#13032) 2021-05-11 10:45:07 -04:00