This project is mirrored from https://github.com/discourse/discourse.
Pull mirroring updated .
- Jun 10, 2019
-
-
Neil Lalonde authored
-
- Jun 05, 2019
-
-
Penar Musaraj authored
WS-2019-0064: Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Objects prototype, thus allowing an attacker to execute arbitrary code on the server.
-
- May 08, 2019
-
-
Rafael dos Santos Silva authored
-
Rafael dos Santos Silva authored
This is necessary because the bumped ruby version (which happens in the discourse_docker repo) doesn't install mini_racer < 0.2.4
-
- Apr 24, 2019
-
-
Dan Ungureanu authored
-
Gerhard Schlager authored
-
Joffrey JAFFEUX authored
-
- Apr 11, 2019
-
-
Sam Saffron authored
Previously we would rely on enable brotli in the web template to turn this on, going forward this is default on
-
- Apr 10, 2019
-
-
Robin Ward authored
This is to address: https://www.npmjs.com/advisories/755 It is a low priority fix, as Discourse does not allow end users to input raw handlebars templates.
-
- Mar 28, 2019
-
-
Neil Lalonde authored
-
- Mar 24, 2019
-
-
Sam Saffron authored
Previously carefully crafted URLs could redirect off site
-
- Mar 15, 2019
- Mar 14, 2019
-
-
Vinoth Kannan authored
-
- Mar 13, 2019
-
-
Roman Rizzi authored
-
Roman Rizzi authored
-
- Mar 01, 2019
-
-
Neil Lalonde authored
-
- Feb 27, 2019
-
-
Sam authored
In some rare cases we would check URLs with very large payloads this ensures we always bypass and do not read entire payloads
-
- Feb 17, 2019
-
-
David Taylor authored
Co-authored-by: Sam Saffron <sam.saffron@gmail.com> Co-authored-by: David Taylor <david@taylorhq.com> This gives more control over the request. In particular we can easily lookup DNS dynamically, instead of only upon NGINX startup. Previously, NGINX was looking up IP for the letter avatar service and caching the CDN IP address, this caused issues if CDN changed IP, in which letter avatars would be broken till a container restarted. NGINX config has been updated to add caching. This change will require a container rebuild. The proxy will now function in development environments, so the patch for `letter_avatar_proxy` has been removed.
-
- Feb 15, 2019
-
- Feb 14, 2019
-
-
Bianca Nenciu authored
-
Bianca Nenciu authored
-
Bianca Nenciu authored
- Feb 13, 2019
-
-
Vinoth Kannan authored
(cherry picked from commit 36ff971c)
-
Vinoth Kannan authored
(cherry picked from commit fb911766)
-
- Feb 11, 2019
-
-
Arpit Jalan authored
If a user posted twice in a topic then subsequent posters were not getting added as topic_allowed_users.
-
- Feb 07, 2019
-
-
Neil Lalonde authored
-
Kris authored
-
Bianca Nenciu authored
-
Kris authored
-
Bianca Nenciu authored
-
Dan Ungureanu authored
-
Maja Komel authored
-
David Taylor authored
-
Sam authored
This update logster to the stable 2.0.1 release instead of running a pre release
-
Gerhard Schlager authored
-
Kris authored
-
Régis Hanol authored
-