|
|
a8af857cd3
|
security: fix vulnerabilities and harden code (2026-03-12)
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is failing
Path traversal fixes:
- DeleteFile.js: use path.resolve() + symlink protection (CRITICAL)
- DeleteFileFolder.js: add path.resolve() validation + symlink check (CRITICAL)
- RenameFile.js: use path.resolve() with proper prefix check + symlink guard (HIGH)
- attachments.js: add baseDir validation + skip symlinks in recursive search (MEDIUM)
XSS fixes:
- dashboard.js: escape user input in onerror/onclick inline attributes (HIGH)
- paramadminsettingsetup.script.js: escape values in innerHTML template (MEDIUM)
Input validation:
- inputValidationMiddleware.js: block suspicious requests instead of logging only (MEDIUM)
Version bump: 1.2.2-beta → 1.2.3-beta
|
2026-03-12 20:18:28 +01:00 |
|
|
|
76dc23c861
|
security: fix vulnerabilities and update security hardening (2026-03-12)
Code security fixes:
- Fixed 3 critical auth bypass bugs (user.jso, typo → user.json) in RenameFile, NewFolder, DeleteFolder API routes
- Added URL validation (HTTP/HTTPS only) on ProfilPicture and BackgroundCustom endpoints to prevent stored XSS/CSS injection
- Added path traversal protection in Upload.js (resolved path boundary check)
- Removed unsafe-eval from CSP script-src directive
- Removed information disclosure in BuildMetaData error responses
- Removed unused child_process import in BuildMetaData.js
Version bump: 1.2.1-beta → 1.2.2-beta
|
2026-03-12 17:16:16 +01:00 |
|
|
|
2df1b28962
|
Update v1.2.0-beta - Dynamic context menu & permissions
continuous-integration/drone/push Build is passing
✨ New Features:
- Dynamic permission-based context menus for files and folders
- Support for collaborative folder access control
- Upload to specific folders including shared folders
- Changelog modal for version updates
- Improved dark mode synchronization
🐛 Bug Fixes:
- Fixed context menu displaying incorrect options
- Fixed CSS !important override preventing dynamic menu behavior
- Fixed folder collaboration permission checks
- Fixed breadcrumb navigation with empty segments
- Fixed "Premature close" error loop in attachments
- Fixed missing user variable in admin routes
- Fixed avatar loading COEP policy issues
🔒 Security:
- Added security middleware (CSRF, rate limiting, input validation)
- Fixed collaboration folder access validation
- Improved shared folder permission handling
🎨 UI/UX Improvements:
- Removed Actions column from folder view
- Context menu now properly hides/shows based on permissions
- Better visual feedback for collaborative folders
- Improved upload flow with inline modals
🧹 Code Quality:
- Added collaboration data to folder routes
- Refactored context menu logic for better maintainability
- Added debug logging for troubleshooting
- Improved file upload handling with chunking support
|
2025-10-25 23:55:51 +02:00 |
|
|
|
de8c5ccb84
|
Update v1.1.1-beta1
continuous-integration/drone/push Build is failing
continuous-integration/drone Build is failing
|
2025-06-14 22:01:39 +02:00 |
|
|
|
51d11a6c36
|
Update v1.1.0-beta.1
continuous-integration/drone/push Build is failing
|
2024-12-21 18:16:25 +01:00 |
|
|
|
f7658eca22
|
V1.0.0-beta.17 Update 2
continuous-integration/drone Build is passing
|
2024-12-15 00:49:12 +01:00 |
|
|
|
9ff4642a10
|
V1.0.0-beta.16 Update
continuous-integration/drone/push Build is passing
Note: We appreciate your feedback and bug reports to continue improving our platform. Thank you for your continued support!
|
2024-10-27 16:48:30 +01:00 |
|
|
|
f83358c67d
|
V1.0.0-beta.15 Update 2
continuous-integration/drone/push Build is passing
Note: We appreciate your feedback and bug reports to continue improving our platform. Thank you for your continued support!
|
2024-07-26 19:46:38 +02:00 |
|
|
|
74850e5a4a
|
V1.0.0.beta-15 Update
continuous-integration/drone/push Build is passing
Note: We appreciate your feedback and bug reports to continue improving our platform. Thank you for your continued support!
|
2024-07-26 19:41:22 +02:00 |
|
|
|
aaff0ed4ea
|
Urgent correction of version v1.0.0-beta.14 due to crash issues when acting on the CDN.
continuous-integration/drone/push Build is passing
We would like to apologize for the inconvenience caused and we would like to thank you for the quick report.
|
2024-07-12 18:07:19 +02:00 |
|
|
|
f05a7aff79
|
Refactor MoveFile.js and folder.ejs to improve file moving functionality
continuous-integration/drone/push Build is passing
|
2024-06-02 18:17:15 +02:00 |
|
|
|
ce8f1bbbac
|
Update v1.0.0-beta.13
continuous-integration/drone/push Build is passing
Several modifications made to the API and several bug fixes
|
2024-06-02 18:13:28 +02:00 |
|
|
|
d76a781680
|
Update v1.0.0-beta.12, addition of external APIs and optimization
continuous-integration/drone/push Build was killed
continuous-integration/drone Build was killed
|
2024-05-28 20:20:52 +02:00 |
|
|
|
11856846d8
|
Refactor Dockerfile and docker-compose.yml to use new directory structure and update volume paths
continuous-integration/drone/push Build is failing
|
2024-05-08 01:12:12 +02:00 |
|
|
|
1006dcb1f5
|
Update DockerCompose.template, Dockerfile, Upload.js, and upload.ejs files
continuous-integration/drone/push Build is passing
|
2024-04-14 15:57:58 +02:00 |
|
|
|
4e2e085a63
|
Update routes and file paths, fix authentication and security issues
continuous-integration/drone/push Build is passing
|
2024-04-13 22:17:54 +02:00 |
|
