This project is mirrored from https://github.com/discourse/discourse.
  1. Jun 10, 2019
  2. Jun 05, 2019
    • SECURITY: Bump Handlebars to version 4.1.2 · 39bececa
      Penar Musaraj authored
      WS-2019-0064: Versions of handlebars prior to 4.0.14 are vulnerable to Prototype Pollution. Templates may alter an Object's prototype, thus allowing an attacker to execute arbitrary code on the server.
  3. May 08, 2019
  4. Apr 24, 2019
  5. Apr 11, 2019
  6. Apr 10, 2019
  7. Mar 28, 2019
  8. Mar 24, 2019
  9. Mar 15, 2019
  10. Mar 14, 2019
  11. Mar 13, 2019
  12. Mar 01, 2019
  13. Feb 27, 2019
    • SECURITY: bypass long GET requests · 3ac5f526
      Sam authored
      In some rare cases we would check URLs with very large payloads;
      this ensures we always bypass and do not read entire payloads
  14. Feb 17, 2019
    • REFACTOR: Proxy letter avatars in rails instead of nginx · c10941bb
      David Taylor authored
      
      Co-authored-by: Sam Saffron <sam.saffron@gmail.com>
      Co-authored-by: David Taylor <david@taylorhq.com>
      
      This gives more control over the request. In particular we can easily
      look up DNS dynamically, instead of only upon NGINX startup.
      Previously, NGINX was looking up the IP for the letter avatar service and
      caching the CDN IP address; this caused issues if the CDN changed IP, in
      which case letter avatars would be broken until a container restarted.
      
      NGINX config has been updated to add caching. This change will require
      a container rebuild.
      
      The proxy will now function in development environments, so the patch
      for `letter_avatar_proxy` has been removed.
  15. Feb 15, 2019
  16. Feb 14, 2019
  17. Feb 13, 2019
  18. Feb 11, 2019
  19. Feb 07, 2019