- 15 Feb, 2019 1 commit
-
-
Sheogorath authored
Snyk found a security vulnerability in the version we provide, that in theory can provide an RCE. Details: https://snyk.io/vuln/SNYK-JS-HANDLEBARS-173692
-
- 14 Feb, 2019 2 commits
-
-
Claudius Coenen authored
Fix several typos in auth/saml.md
-
Felix Yan authored
Signed-off-by: Felix Yan <felixonmars@archlinux.org>
-
- 31 Jan, 2019 1 commit
-
-
Christoph (Sheogorath) Kern authored
-
- 25 Jan, 2019 2 commits
-
-
Sheogorath authored
We talked about that during a community call. It turned out that not everyone likes to have OpenID on their instance. This patch disables OpenID by default.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
Christoph (Sheogorath) Kern authored
Fix broken PDF export by wrong unlink call
-
- 24 Jan, 2019 3 commits
-
-
Sheogorath authored
We used `fs.unlink()` to remove the pdf file after we send it out to the client. This breaks in Node 10, when no function as second parameter is supplied. This patch changes it to the `fs.unlinkSync` function that doesn't have this requirement and this way doesn't crash.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
Sheogorath authored
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
Claudius Coenen authored
Fixing deep dependency problem with node 6.x
-
- 23 Jan, 2019 1 commit
-
-
Claudius Coenen authored
this commit has been blatantly stolen from @samselikoff in ember-cli-addon-docs. It prevents an issue introduced via a deep dependency that no longer supports node 6 (which we still would like to support).
see: https://github.com/ember-learn/ember-cli-addon-docs/commit/231275b5a4bed59bbac798ddaa1bde94319047cb
see: https://github.com/salesforce/tough-cookie/pull/141
Signed-off-by: Claudius Coenen <opensource@amenthes.de>
-
- 22 Jan, 2019 2 commits
-
-
Christoph (Sheogorath) Kern authored
Fix reference to SAML guide in README
-
Jonathan authored
Signed-off-by: Jonathan Klauck <jonathan.klauck@aoe.com>
-
- 21 Jan, 2019 3 commits
-
-
Christoph (Sheogorath) Kern authored
Add linting for tests
-
Sheogorath authored
The tests are currently not linted. This causes a different coding style than the rest of the sources. This patch adds the `./test` directory to the eslint testing and fixes linting for existing tests.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
Christoph (Sheogorath) Kern authored
Add tests for csp.js
-
- 19 Jan, 2019 1 commit
-
-
Sheogorath authored
Since we lack tests but got some great point to start, let's write more tests. This patch provides some basic tests for our CSP library. It's more an integration than a unit test, but gets the job done.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
- 18 Jan, 2019 1 commit
-
-
Sheogorath authored
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
- 12 Jan, 2019 2 commits
-
-
Christoph (Sheogorath) Kern authored
Fix broken manage_users after Winston upgrade
-
Christoph (Sheogorath) Kern authored
Update bootstrap from 3.3.7 to 3.4.0
-
- 11 Jan, 2019 1 commit
-
-
Sheogorath authored
Seems like finally there is a new bootstrap version for old version 3. This patch implements this new version with CodiMD and this way fixes some possible security issues in the frontend code.
See:
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72889
https://snyk.io/vuln/SNYK-JS-BOOTSTRAP-72890
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
- 10 Jan, 2019 1 commit
-
-
Daan Sprenkels authored
Commit c3584770 upgrades Winston and with that version `logger.transports.console` becomes undefined. This commit updates the code to prevent the crash.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
-
- 09 Jan, 2019 2 commits
-
-
Christoph (Sheogorath) Kern authored
Update SAML to version 1.0.0
-
Sheogorath authored
Seems like there was a security problem with the library. This patch updates to version 1.0.0 which fixed the details. Details: https://snyk.io/vuln/SNYK-JS-PASSPORTSAML-72411
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
- 05 Jan, 2019 1 commit
-
-
Christoph (Sheogorath) Kern authored
Remove blueimp-md5 dependency
-
- 29 Dec, 2018 1 commit
-
-
Christoph (Sheogorath) Kern authored
Fix some XSS issues
-
- 28 Dec, 2018 2 commits
-
-
Max Wu authored
Signed-off-by: Max Wu <jackymaxj@gmail.com>
-
Max Wu authored
Signed-off-by: Max Wu <jackymaxj@gmail.com>
-
- 22 Dec, 2018 2 commits
-
-
Daan Sprenkels authored
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
-
Daan Sprenkels authored
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
-
- 21 Dec, 2018 3 commits
-
-
Christoph (Sheogorath) Kern authored
Fix broken Gist embedding
-
Christoph (Sheogorath) Kern authored
Update upload provider error message
-
Daan Sprenkels authored
Fixes #1107.
Signed-off-by: Daan Sprenkels <hello@dsprenkels.com>
-
- 20 Dec, 2018 2 commits
-
-
Sheogorath authored
Looks like GitHub changed their asset system and our CSP prevented them from getting loaded. This patch should fix the Gist embedding with enabled CSP by replacing the old URL `https://assets-cdn.github.com` with the new `https://github.githubassets.com`.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
Christoph (Sheogorath) Kern authored
Fix usage of new URL API
-
- 18 Dec, 2018 1 commit
-
-
Sheogorath authored
Due to the deprecation of the old `url`-API provided by NodeJS we replaced `url.resolve` with `url.URL.resolve`, which doesn't exist. This patch fixes the local filesystem upload of CodiMD by using the new API correctly. Creating a URL object and using its href.
Some more background:
https://nodejs.org/api/url.html#url_url_href
https://nodejs.org/api/url.html#url_url_resolve_from_to
Fixes https://github.com/hackmdio/codimd/issues/1102
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
- 12 Dec, 2018 1 commit
-
-
Christoph (Sheogorath) Kern authored
-
- 06 Dec, 2018 2 commits
-
-
Christoph (Sheogorath) Kern authored
Fix CSP for speaker notes
-
Christoph (Sheogorath) Kern authored
Fix disqus CSP
-
- 05 Dec, 2018 2 commits
-
-
Sheogorath authored
Disqus loads its embed config.js from its root domain (https://disqus.com). Our CSPs only allow subdomains (e.g.: https://codimd.disqus.com). This causes the disqus embedding to fail. This patch should fix this problem by adding https://disqus.com to the CSP setting. From a security perspective there is no real change, since still the same parties are involved.
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-
Sheogorath authored
Looks like I was wrong in my previous commit to update revealjs.[1] The speaker notes broke again with the CSPs. So this patch updates the hash and this way the speaker notes.
[1]: bcebf1e8
Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
-