Dinawo/CDN-APP-INSIDER
1
0
Fork 1
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity
90 Commits 3 Branches 0 Tags
a8af857cd37bbfc74bcd34adc6396fc2dc40fe41
Commit Graph

4 Commits

Author SHA1 Message Date
dinawo
76dc23c861 security: fix vulnerabilities and update security hardening (2026-03-12) 
Code security fixes:
- Fixed 3 critical auth bypass bugs (user.jso, typo → user.json) in RenameFile, NewFolder, DeleteFolder API routes
- Added URL validation (HTTP/HTTPS only) on ProfilPicture and BackgroundCustom endpoints to prevent stored XSS/CSS injection
- Added path traversal protection in Upload.js (resolved path boundary check)
- Removed unsafe-eval from CSP script-src directive
- Removed information disclosure in BuildMetaData error responses
- Removed unused child_process import in BuildMetaData.js

Version bump: 1.2.1-beta → 1.2.2-beta
 2026-03-12 17:16:16 +01:00
Dinawo
74850e5a4a V1.0.0.beta-15 Update
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Note: We appreciate your feedback and bug reports to continue improving our platform. Thank you for your continued support!
 2024-07-26 19:41:22 +02:00
Dinawo
ce8f1bbbac Update v1.0.0-beta.13
All checks were successful
continuous-integration/drone/push Build is passing
Details 
Several modifications made to the API and several bug fixes
 2024-06-02 18:13:28 +02:00
Dinawo
d76a781680 Update v1.0.0-beta.12, addition of external APIs and optimization
Some checks failed
continuous-integration/drone/push Build was killed
Details
continuous-integration/drone Build was killed
Details
2024-05-28 20:20:52 +02:00