discourse/config
Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged-in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event that bad data somehow
already exists.
2019-07-11 13:53:12 -04:00
..
cloud/cloud66 DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
environments DEV: Re-enable uglifier for non-precompiled assets 2019-05-14 10:28:18 +01:00
initializers DEV: improve on rake db:create 2019-06-14 15:06:07 +10:00
locales SECURITY: SQL injection with default categories 2019-07-11 13:53:12 -04:00
application.rb FEATURE: SKIP_DB_AND_REDIS env var (#7756) 2019-06-13 12:58:27 +10:00
boot.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
cdn.yml.sample
database.yml DEV: Make setting up of multisite DB in test env clearer. 2019-03-21 09:58:07 +08:00
deploy.rb.sample
discourse_defaults.conf FEATURE: enable_performance_http_headers for performance diagnostics 2019-06-05 16:08:11 +10:00
discourse.config.sample
discourse.pill.sample
environment.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
logrotate.conf
multisite.yml.production-sample
nginx.global.conf
nginx.sample.conf FIX: Have nginx always pass /uploads/short-url requests to app. 2019-05-29 18:19:15 +08:00
projections.json
puma.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
routes.rb SECURITY: Add confirmation screen when logging in via user-api OTP 2019-06-17 16:18:44 +01:00
sidekiq.yml FEATURE: introduce ultra_low priority queue 2019-01-17 14:53:19 +11:00
site_settings.yml DEV: optimize bulk invite process 2019-06-12 16:33:19 +05:30
spring.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
thin.yml.sample
unicorn_launcher FIX: Increase timeout when trying to reload unicorn. 2018-12-04 13:43:14 +08:00
unicorn_upstart.conf
unicorn.conf.rb DEV: ensure we never fork v8 contexts from unicorn 2019-05-16 09:50:34 +10:00