This repository has been archived on 2023-03-18. You can view files and clone it, but cannot push or open issues or pull requests.

Robin Ward fe8bd92f71 SECURITY: SQL injection with default categories ... This is a low severity security fix because it requires a logged in admin user to update a site setting via the API directly to an invalid value. The fix adds validation for the affected site settings, as well as a secondary fix to prevent injection in the event of bad data somehow already exists.		2019-07-11 13:53:12 -04:00
..
assets	SECURITY: XSS with title selector on preferences page	2019-07-09 17:35:26 -04:00
controllers	DEV: Respond with error 400 to uploads requested via XHR	2019-06-27 11:30:05 +02:00
helpers	replace subfolder on cdn url conversion between general cdn and s3 (#7764)	2019-06-17 11:51:17 -07:00
jobs	FIX: Don't send notification email when user isn't allowed to see topic	2019-07-02 09:05:36 +10:00
mailers	SECURITY: Strip HTML from invite emails	2019-07-05 14:58:46 -04:00
models	SECURITY: SQL injection with default categories	2019-07-11 13:53:12 -04:00
serializers	FIX: In reply to would sometimes have a broken link	2019-06-10 11:33:10 -04:00
services	FIX: iterate when clearing watched words cache	2019-07-04 08:59:01 -07:00
views	SECURITY: Add confirmation screen when logging in via email link	2019-06-17 18:20:48 +01:00