Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
88 Commits 3 Branches 0 Tags
76dc23c8619e7c8680107a1ba4fb30c0d65be46b
Commit Graph

4 Commits

Author SHA1 Message Date
dinawo
76dc23c861 security: fix vulnerabilities and update security hardening (2026-03-12) 
Code security fixes:
- Fixed 3 critical auth bypass bugs (user.jso, typo → user.json) in RenameFile, NewFolder, DeleteFolder API routes
- Added URL validation (HTTP/HTTPS only) on ProfilPicture and BackgroundCustom endpoints to prevent stored XSS/CSS injection
- Added path traversal protection in Upload.js (resolved path boundary check)
- Removed unsafe-eval from CSP script-src directive
- Removed information disclosure in BuildMetaData error responses
- Removed unused child_process import in BuildMetaData.js

Version bump: 1.2.1-beta → 1.2.2-beta
 2026-03-12 17:16:16 +01:00
Dinawo
aaff0ed4ea Urgent correction of version v1.0.0-beta.14 due to crash issues when acting on the CDN.
All checks were successful
continuous-integration/drone/push Build is passing
Details 
We would like to apologize for the inconvenience caused and we would like to thank you for the quick report.
 2024-07-12 18:07:19 +02:00
Dinawo
ce8f1bbbac Update v1.0.0-beta.13
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Several modifications made to the API and several bug fixes
 2024-06-02 18:13:28 +02:00
Dinawo
4e2e085a63 Update routes and file paths, fix authentication and security issues
All checks were successful
continuous-integration/drone/push Build is passing
Details
2024-04-13 22:17:54 +02:00