discourse/spec
David Taylor f45853676f
SECURITY: Ensure _forum_session cookies cannot be reused between sites (#14950)
This only affects multisite Discourse instances (where multiple forums are served from a single application server). The vast majority of self-hosted Discourse forums do not fall into this category.

On affected instances, this vulnerability could allow encrypted session cookies to be re-used between sites served by the same application instance.
2021-11-15 15:50:12 +00:00
components SECURITY: Disallow caching of MIME/Content-Type errors (#14907) 2021-11-12 15:52:25 -03:00
fabricators FEATURE: Direct S3 multipart uploads for backups (#14736) 2021-11-11 08:25:31 +10:00
fixtures FIX: Display Instagram Oneboxes in an iframe (#14789) 2021-11-02 14:34:51 -04:00
helpers FIX: Offer site_logo_dark_url as an option for dark mode themes (#14361) 2021-09-16 17:47:51 -04:00
import_export FEATURE: Rake task to export groups (#9450) 2020-04-17 14:59:54 -07:00
initializers FEATURE: A low priority filter for the review queue. (#12822) 2021-04-23 15:34:24 -03:00
integration SECURITY: Ensure _forum_session cookies cannot be reused between sites (#14950) 2021-11-15 15:50:12 +00:00
integrity DEV: Fix a flaky Onceoff spec (#13314) 2021-06-07 20:38:31 +02:00
jobs FEATURE: Pull hotlinked images in user bios (#14726) 2021-10-29 17:58:05 +03:00
lib DEV: Improve multisite testing (#14884) 2021-11-11 16:44:58 +00:00
mailers FIX: Do not show recipient user in email participants list (#14642) 2021-10-19 15:26:22 +10:00
models FEATURE: Add read-only scope to API keys (#14856) 2021-11-10 17:48:00 +02:00
multisite FEATURE: Direct S3 multipart uploads for backups (#14736) 2021-11-11 08:25:31 +10:00
requests FIX: Use previous chunk to check if local backup chunk upload complete (#14896) 2021-11-15 15:08:21 +10:00
script/import_scripts DEV: If disabled do not change setting after import (#12142) 2021-02-19 09:33:35 -07:00
serializers DEV: Fix rubocop issues (#14715) 2021-10-27 11:39:28 +03:00
services FEATURE: Direct S3 multipart uploads for backups (#14736) 2021-11-11 08:25:31 +10:00
support DEV: Move imap_helper to spec/support directory (#14776) 2021-10-29 20:46:25 +02:00
tasks FIX: remove migrate_from_s3 task that silently corrupts data (#11703) 2021-01-17 22:33:29 +01:00
views/omniauth_callbacks FEATURE: Use full page redirection for all external auth methods (#8092) 2019-10-08 12:10:43 +01:00
rails_helper.rb DEV: Catch Mocha::ExpectationError in request specs (#14897) 2021-11-12 13:10:16 +10:00
swagger_helper.rb DEV: Refactor the api docs for the user endpoint (#14377) 2021-09-20 10:04:57 -06:00