discourse/app
Natalie Tay 76f06f6b14
SECURITY: Fixes for stable (#28138)
* SECURITY: Update default allowed iframes list

Change the default iframe URL list so that all entries include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox (stable)

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:08 +08:00
assets SECURITY: Fixes for stable (#28138) 2024-07-30 14:19:08 +08:00
controllers SECURITY: Don't allow suspending staff users via other_user_ids param 2024-07-03 20:12:25 +08:00
helpers SECURITY: Properly escape user content within <noscript> 2024-01-30 09:10:09 -07:00
jobs PERF: only allow one reviewable notification at a time (#26331) 2024-03-22 15:00:33 -07:00
mailers FIX: Add higher read & open timeouts for group SMTP emails (#24593) 2023-11-28 15:32:59 +10:00
models SECURITY: Fixes for stable (#28138) 2024-07-30 14:19:08 +08:00
serializers SECURITY: Update reviewable user serializer payload 2024-07-03 20:12:14 +08:00
services SECURITY: Don't allow suspending staff users via other_user_ids param 2024-07-03 20:12:25 +08:00
views SECURITY: Properly escape user content within <noscript> 2024-01-30 09:10:09 -07:00