CDN-APP-INSIDER

Dinawo/CDN-APP-INSIDER

Fork 1

Commit Graph

Author	SHA1	Message	Date
dinawo	76dc23c861	security: fix vulnerabilities and update security hardening (2026-03-12) Code security fixes: - Fixed 3 critical auth bypass bugs (user.jso, typo → user.json) in RenameFile, NewFolder, DeleteFolder API routes - Added URL validation (HTTP/HTTPS only) on ProfilPicture and BackgroundCustom endpoints to prevent stored XSS/CSS injection - Added path traversal protection in Upload.js (resolved path boundary check) - Removed unsafe-eval from CSP script-src directive - Removed information disclosure in BuildMetaData error responses - Removed unused child_process import in BuildMetaData.js Version bump: 1.2.1-beta → 1.2.2-beta	2026-03-12 17:16:16 +01:00
Dinawo	f83358c67d	V1.0.0-beta.15 Update 2 All checks were successful continuous-integration/drone/push Build is passing Details Note: We appreciate your feedback and bug reports to continue improving our platform. Thank you for your continued support!	2024-07-26 19:46:38 +02:00

Author

SHA1

Message

Date

dinawo

76dc23c861

security: fix vulnerabilities and update security hardening (2026-03-12)

Code security fixes:
- Fixed 3 critical auth bypass bugs (user.jso, typo → user.json) in RenameFile, NewFolder, DeleteFolder API routes
- Added URL validation (HTTP/HTTPS only) on ProfilPicture and BackgroundCustom endpoints to prevent stored XSS/CSS injection
- Added path traversal protection in Upload.js (resolved path boundary check)
- Removed unsafe-eval from CSP script-src directive
- Removed information disclosure in BuildMetaData error responses
- Removed unused child_process import in BuildMetaData.js

Version bump: 1.2.1-beta → 1.2.2-beta

2026-03-12 17:16:16 +01:00

Dinawo

f83358c67d

V1.0.0-beta.15 Update 2

continuous-integration/drone/push Build is passing

Details

Note: We appreciate your feedback and bug reports to continue improving our platform. Thank you for your continued support!

2024-07-26 19:46:38 +02:00

2 Commits