discourse/app
Robin Ward 1d38040579 SECURITY: SQL injection with default categories
This is a low severity security fix because it requires a logged-in
admin user to update a site setting via the API directly to an invalid
value.

The fix adds validation for the affected site settings, as well as a
secondary fix to prevent injection in the event that bad data somehow
already exists.
2019-07-11 13:41:51 -04:00
assets UX: Mobile editor style fixes (#7878) 2019-07-11 09:57:53 -04:00
controllers Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)" 2019-07-10 11:38:51 -03:00
helpers FEATURE: show login and signup button on no-ember layout (#7867) 2019-07-09 04:51:19 +05:30
jobs Revert "FEATURE: admin/user exports are compressed using the zip format (#7784)" 2019-07-10 11:38:51 -03:00
mailers SECURITY: Strip HTML from invite emails 2019-07-05 14:57:11 -04:00
models SECURITY: SQL injection with default categories 2019-07-11 13:41:51 -04:00
serializers FEATURE: opt-in guidance on topics for users without access (#7852) 2019-07-04 10:12:39 +02:00
services FIX: only add image size when with & height are in pixels 2019-07-05 20:34:11 +02:00
views Remove unused file resubscribe.html.erb 2019-07-09 15:17:33 -04:00