Lauri Ojansivu
|
ccd9034339
|
Fix SECURITY ISSUE 5: Attachment API uses bearer value as userId and DoS (Low).
Thanks to Siam Thanat Hack (STH) and xet7 !
|
2025-11-02 11:42:07 +02:00 |
|
Lauri Ojansivu
|
f26d582018
|
Fix SECURITY ISSUE 2: Access to boards of any Orgs/Teams, and avatar permissions.
Thanks to Siam Thanat Hack (STH) !
|
2025-11-02 09:11:50 +02:00 |
|
Lauri Ojansivu
|
e9a727301d
|
Fix SECURITY ISSUE 1: File Attachments enables stored XSS (High).
Thanks to Siam Thanat Hack (STH) !
|
2025-11-02 08:36:29 +02:00 |
|
Lauri Ojansivu
|
30620d0ca4
|
Some migrations and mobile fixes.
Thanks to xet7 !
|
2025-10-25 21:09:07 +03:00 |
|
Lauri Ojansivu
|
ae1f80a52c
|
Added attachments API and admin panel attachment management for file storage backends settings. Fixed drag drop upload attachments from file manager to minicard or opened card.
Thanks to xet7 !
|
2025-10-11 11:05:46 +03:00 |
|
Lauri Ojansivu
|
e1fa607f87
|
Security Fix JVN#74210258: Stored XSS.
Thanks to Ryoya Koyama of Mitsui Bussan Secure Directions, Inc and xet7 !
|
2025-10-10 23:06:06 +03:00 |
|
Lauri Ojansivu
|
1c84b19f24
|
Show console.log 'Legacy attachments route loaded' only when environment variable DEBUG=true.
Thanks to xet7 !
|
2025-10-10 21:19:00 +03:00 |
|
Lauri Ojansivu
|
a8de2f224f
|
Use attachments from old CollectionFS database structure, when not yet migrated to Meteor-Files/ostrio-files, without needing to migrate database structure.
Thanks to xet7 !
|
2025-10-10 19:07:04 +03:00 |
|