Jannis Mattheis
501aa95347
Update swagger (Fix XSS in swagger-ui)
...
GHSA-3244-8mff-w398
https://www.vidocsecurity.com/blog/hacking-swagger-ui-from-xss-to-account-takeovers/
2023-01-10 18:21:38 +01:00
Jannis Mattheis
056cd5ecb7
Merge pull request #535 from gotify/xss
...
Only serve image files on ./image
2022-12-29 12:03:02 +00:00
Jannis Mattheis
33d86e41c2
Only serve image files on ./image
...
This is an addition to the existing XSS fix in the previous commit.
2022-12-29 12:46:41 +01:00
Jannis Mattheis
022603ddf9
Merge pull request #534 from gotify/fix-xss
...
Fix file upload XSS
2022-12-28 19:38:05 +00:00
Jannis Mattheis
925fb7e2c9
Fix file upload XSS
...
The application image file upload allowed authenticated users to upload
malicious .html files. Opening such a file like
https://push.gotify.net/image/ViaxrjzNowdgL-xnEfVV-Ggv5.html
would allow the attacker to execute client side scripts.
The application image upload will now only allow the upload of files
with the following extensions: .gif, .png, .jpg and .jpeg.
2022-12-28 20:13:35 +01:00
Jannis Mattheis
c8f78e8469
Merge pull request #529 from gotify/redirect
...
Fix Redirect to https
2022-12-03 10:59:12 +00:00
Jannis Mattheis
522d7fbf4c
Update golang ci action
2022-12-03 11:42:19 +01:00
Jannis Mattheis
615aa5ce1c
Fix redirect to https with default http port
...
Fixes #528
2022-12-03 11:42:19 +01:00
Jannis Mattheis
fe8a80d82f
Merge pull request #527 from mateuscelio/add-authorization-header-auth
...
Adds Authorization header auth method
2022-12-03 10:02:18 +00:00
mateuscelio
0fb584d7f7
Update docs
2022-12-03 10:45:07 +01:00
mateuscelio
70e1fd1863
Add authorization bearer token auth method
2022-12-03 10:45:07 +01:00
Jannis Mattheis
c869052764
Merge pull request #517 from olof-nord/add-riscv64-support
...
Add linux/riscv64 docker builds
2022-11-09 18:26:28 +00:00
Olof Nord
3fa1cffde3
Add linux/riscv64 project support
2022-11-09 19:01:20 +01:00
Jannis Mattheis
a8049f5138
Merge pull request #516 from Tert0/feature/priority-color
...
Added Different notification color for priority
2022-10-21 18:50:29 +00:00
Tert0
2fce3bdcac
Add priority colors
2022-10-21 20:39:50 +02:00
Jannis Mattheis
fb7d910a1b
Merge pull request #515 from Tert0/master
...
Add Delete All Button confirmation
2022-10-08 13:42:02 +00:00
Tert0
3eb0467239
Fix bracketSameLine prettier
2022-10-08 15:19:20 +02:00
Tert0
17b9b52d95
Add delete confirmation dialog
2022-10-08 15:15:29 +02:00
Jannis Mattheis
0250a48c2c
Log loaded plugins
...
If a plugin was built for a different gotify version, then plugin.Open
may throw an unrecoverable error. This log statement should help
debugging which plugin is causing the error.
See #510
2022-09-11 17:29:31 +02:00
Jannis Mattheis
c4e63863f7
Merge pull request #508 from gotify/update
...
Update Dependencies
2022-09-10 15:11:37 +00:00
Jannis Mattheis
e68c5560e1
Update puppeteer
2022-09-10 16:50:01 +02:00
Jannis Mattheis
fdfc2f264f
Update other go deps
2022-09-10 16:50:01 +02:00
Jannis Mattheis
3c026e3650
Update gin-gonic
2022-09-10 16:49:58 +02:00
Jannis Mattheis
fcd9b88bb7
Fix required mismatch in update & create user
...
This shouldn't break the api.
2022-09-10 16:47:22 +02:00
Jannis Mattheis
ba0cee1da2
Move go.mod to go1.18
2022-09-10 16:47:22 +02:00
Jannis Mattheis
2243dd8b00
Update to go1.19
2022-09-10 16:47:22 +02:00
mateuscelio
f16ce59e6c
Prevent setting id while inserting / updating applications
2022-07-24 08:48:14 +00:00
Jannis Mattheis
0d18b421e1
Merge pull request #489 from rwese/fix-login-form-autofill
...
Fix login form password-manager support
2022-05-29 20:05:12 +02:00
Jannis Mattheis
59b2ed17a6
Update linter
2022-05-29 19:45:45 +02:00
Rene Weselowski
13b878781b
Fix login form password-manager support
2022-05-26 08:16:12 +00:00
Jannis Mattheis
a23666aaf0
Fix too much whitespace on markdown message
...
Fixes #463
2022-01-12 19:00:05 +01:00
Jannis Mattheis
89fdb0b9a5
Fix makefile typo
2021-12-04 22:31:51 +01:00
Jannis Mattheis
6b3467b1d7
Format
2021-12-04 21:14:27 +01:00
Jannis Mattheis
e272343deb
Recreate yarn.lock & update node version
2021-12-04 21:14:27 +01:00
kirbylink
35ce1f9ae0
Add major version only tags
2021-11-22 19:13:09 +00:00
Jannis Mattheis
43998464f0
Add ghcr.io images
2021-10-24 21:37:48 +02:00
Christian Wischenbart
b1f442ffbd
Render favicons from original svg.
...
- removed jpg artifacts
- minified pngs with pngcrush to reduce size
2021-10-07 17:41:08 +02:00
Jannis Mattheis
8affeced49
Mask token in log
2021-09-27 17:46:12 +02:00
Jannis Mattheis
d2e5dee67d
Create SECURITY.md
2021-09-26 20:46:58 +00:00
Jannis Mattheis
3cf47c5ee0
Fix keep alive setting comment
...
See https://github.com/gotify/server/issues/343#issuecomment-914560534
2021-09-07 21:29:11 +02:00
Jannis Mattheis
36eb8d8b2b
Inject register & version information into index.html
...
The registration form will always be shown inside the dev mode,
because there is no api that transmits if registration is enabled.
2021-08-04 19:39:43 +02:00
pigpig
c172590b92
Add registration
...
Can be enabled via the registration config flag. (disabled per default)
Fixes gotify/server#395
Co-authored-by: pigpig <pigpig@pig.pig>
Co-authored-by: Karmanyaah Malhotra <32671690+karmanyaahm@users.noreply.github.com>
Co-authored-by: Jannis Mattheis <contact@jmattheis.de>
2021-08-04 19:39:43 +02:00
Jannis Mattheis
7e261be304
Fix flaky e2e-tests
2021-06-19 09:39:15 +00:00
Jannis Mattheis
98f937ca4a
Update caniuse
2021-06-19 09:39:15 +00:00
Jannis Mattheis
a2d44968e5
Format
2021-06-19 09:39:15 +00:00
Jannis Mattheis
819a881557
Update ui deps
2021-06-19 09:39:15 +00:00
Jannis Mattheis
3364f1a9fe
Update go deps
2021-06-19 09:39:15 +00:00
Jannis Mattheis
9abe803cf8
Push all tags
2021-04-16 20:39:40 +02:00
Jannis Mattheis
11aac90be4
Remove serviceWorker
2021-04-16 17:42:45 +00:00
Jannis Mattheis
93b421fdcf
Update lib/pq
2021-04-16 17:42:45 +00:00