discourse/config
Alan Guo Xiang Tan 0f7b9878ff SECURITY: Category group permissions leaked to normal users.
After this commit, category group permissions can only be seen by users
that are allowed to manage a category. In the past, we inadvertently
included a category's group permissions settings in `CategoriesController#show`
and `CategoriesController#find_by_slug` endpoints for normal users when
those settings are only a concern to users that can manage a category.
2022-04-08 13:46:20 +08:00
..
cloud/cloud66 DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
environments FIX: remove 'crawl_images' site setting (#14646) 2021-10-19 17:12:29 +05:30
initializers DEV: Clean up freedom patches 2022-04-06 10:07:14 +02:00
locales DEV: Improvements to UppyUploadMixin to use ExtendableUploader (#16383) 2022-04-07 12:59:06 +10:00
application.rb DEV: Remove Zeitwerk inflection monkey patch. 2022-03-29 16:04:49 +02:00
boot.rb DEV: Fix methods removed in Ruby 3.2 (#15459) 2022-01-05 18:45:08 +01:00
cdn.yml.sample
database.yml remove some hardcoded 'localhost's from dev environment (#14801) 2021-11-03 11:26:44 +08:00
deploy.rb.sample
dev_defaults.yml FEATURE: Add post edits count to user activity (#13495) 2021-08-02 10:15:53 -04:00
discourse_defaults.conf PERF: Bump message_bus to 4.2 (#16026) 2022-02-22 16:16:02 +00:00
discourse.config.sample
discourse.pill.sample
environment.rb DEV: replace mailcatcher references with mailhog (#14500) 2021-10-05 15:48:06 +05:30
logrotate.conf
multisite.yml.production-sample DEV: Remove db_id from sample multisite config. 2020-05-29 10:48:29 +08:00
nginx.global.conf
nginx.sample.conf FEATURE: Optimize images before upload (#13432) 2021-06-23 12:31:12 -03:00
projections.json DEV: Use .hbr for raw template file extension (#8883) 2020-02-11 13:38:12 -06:00
puma.rb remove daemonize setting (#12232) 2021-03-01 16:42:50 +11:00
routes.rb SECURITY: Category group permissions leaked to normal users. 2022-04-08 13:46:20 +08:00
sidekiq.yml
site_settings.yml FEATURE: allow for local theme js assets (#16374) 2022-04-07 07:58:10 +10:00
spring.rb DEV: enable frozen string literal on all files 2019-05-13 09:31:32 +08:00
thin.yml.sample
unicorn_launcher
unicorn_upstart.conf
unicorn.conf.rb DEV: Avoid $ globals (#15453) 2022-01-08 23:39:46 +01:00