discourse/spec/fixtures
Kelv b751742573
FIX: invalid CSP directive sources should allow site to boot with valid CSP directives (#31256)
[Security patch](5558e72f22) (for this [CVE](https://nvd.nist.gov/vuln/detail/CVE-2024-54133)) from
rails actionpack was backported from [Rails 8.0.0.1](https://github.com/rails/rails/blob/v8.0.1/actionpack/CHANGELOG.md#rails-8001-december-10-2024)
to previous stable versions including `7-1-stable` / `7-2-stable`.

Any previous version of Discourse upgrading to v3.4.0.beta3 and above
would have observed their sites crashing if they had invalid sources in
their CSP directive extensions.

This fix removes such invalid sources during our build of the CSP, and
logs these at a warning level so devs are able to find out why their CSP
sources were filtered out of the extendable directives.
2025-02-10 20:38:36 +08:00
backups FIX: Backups should use relative paths for local uploads 2020-08-21 15:22:28 +02:00
csv FIX: S3Inventory#backfill_etags_and_list_missing need to unescape key (#30787) 2025-01-15 14:52:49 +08:00
db DEV: Upgrade Rails to version 7.2 2024-11-27 10:48:47 +01:00
emails FIX: correctly extract body and/or reply from exchange emails (#30512) 2024-12-31 15:29:36 +01:00
encodings
feed FIX: Select best link from Atom feed (#15663) 2022-01-21 17:54:18 +02:00
i18n FIX: Missing translation when translation override contained a %{key} (#16625) 2022-05-04 17:35:22 +02:00
images SECURITY: Reduce maximum size of SVG sprite cache to prevent DoS 2023-09-12 15:31:28 -03:00
json DEV: Fix flaky core backend spec (#22650) 2023-07-18 07:01:19 +08:00
md A11Y: Set role=presentation if alt attr is missing (#18546) 2022-10-12 14:07:37 +03:00
media FIX: Add attachment content-disposition for all non-image files (#10058) 2020-06-17 11:16:37 +10:00
mmdb DEV: Revert rails 7.1 upgrade (#27522) 2024-06-18 23:48:30 +02:00
multisite
onebox FEATURE: Remove unnecessary org names from PR oneboxes (#31102) 2025-02-01 01:05:08 +01:00
pdf FEATURE: Add attachments to outgoing emails 2019-07-25 15:57:45 +02:00
plugins FIX: invalid CSP directive sources should allow site to boot with valid CSP directives (#31256) 2025-02-10 20:38:36 +08:00
scss
site_settings DEV: Fix flaky deprecated setting specs (#30550) 2025-01-04 12:55:22 +01:00
svg FIX: Allow attachments to be opened in a new tab instead of downloading them (#30535) 2025-01-07 10:32:32 +08:00
theme_locales/objects_settings DEV: Support translations for property labels in objects schema editor (#26362) 2024-03-28 10:53:51 +08:00
theme_settings DEV: Change category type to categories type for theme object schema (#26339) 2024-03-27 10:54:30 +08:00
themes DEV: Add skip_migrations param when importing remote theme (#25218) 2024-01-11 14:04:02 +08:00
woff2