github-mirror/discourse
github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-02-23 23:21:54 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
discourse/config
History
Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories 
This is a low severity security fix because it requires a logged in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event of bad data somehow
already exists.
2019-07-11 13:53:12 -04:00
..
cloud/cloud66
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
environments
DEV: Re-enable uglifier for non-precompiled assets
2019-05-14 10:28:18 +01:00
initializers
DEV: improve on rake db:create
2019-06-14 15:06:07 +10:00
locales
SECURITY: SQL injection with default categories
2019-07-11 13:53:12 -04:00
application.rb
FEATURE: SKIP_DB_AND_REDIS env var (#7756)
2019-06-13 12:58:27 +10:00
boot.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
cdn.yml.sample
database.yml
DEV: Make setting up of multisite DB in test env clearer.
2019-03-21 09:58:07 +08:00
deploy.rb.sample
discourse_defaults.conf
FEATURE: enable_performance_http_headers for performance diagnostics
2019-06-05 16:08:11 +10:00
discourse.config.sample
discourse.pill.sample
environment.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
logrotate.conf
multisite.yml.production-sample
nginx.global.conf
nginx.sample.conf
FIX: Have nginx always pass /uploads/short-url requests to app.
2019-05-29 18:19:15 +08:00
projections.json
puma.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
routes.rb
SECURITY: Add confirmation screen when logging in via user-api OTP
2019-06-17 16:18:44 +01:00
sidekiq.yml
FEATURE: introduce ultra_low priority queue
2019-01-17 14:53:19 +11:00
site_settings.yml
DEV: optimize bulk invite process
2019-06-12 16:33:19 +05:30
spring.rb
DEV: enable frozen string literal on all files
2019-05-13 09:31:32 +08:00
thin.yml.sample
unicorn_launcher
FIX: Increase timeout when trying to reload unicorn.
2018-12-04 13:43:14 +08:00
unicorn_upstart.conf
unicorn.conf.rb
DEV: ensure we never fork v8 contexts from unicorn
2019-05-16 09:50:34 +10:00