| Author | Commit | Message | Date |
|---|---|---|---|
| Claire | f5f6273d2b | Move `ALLOWED_PRIVATE_ADDRESSES` parsing to an initializer (#32850) | 2024-11-12 13:00:52 +00:00 |
| David Roetzel | d60ef3f17e | Disable `httplog` gem in production (#32776) | 2024-11-05 08:55:34 +00:00 |
| Matt Jankowski | a139dac18e | Remove cookie rotator (#32289) | 2024-11-04 09:11:00 +00:00 |
| Emelia Smith | e1b7382ea6 | Add userinfo oauth endpoint (#32548) | 2024-10-30 14:38:10 +00:00 |
| Claire | 6ff1954bdb | Change Active Record Encryption variable check to check for emptiness (#32537) | 2024-10-16 08:43:45 +00:00 |
| Claire | ffa1032381 | Add further warnings about encryption secrets (#32476) | 2024-10-14 13:00:20 +00:00 |
| Emelia Smith | 454d21ab5a | Remove OAuth Password Grant Type support (#30960) | 2024-10-01 09:56:58 +00:00 |
| Claire | e22eff8900 | Remove regexp timeout feature (#32169) | 2024-09-30 09:41:06 +00:00 |
| David Roetzel | cfb8fc6222 | Increase regexp timeout and allow override (#32056) | 2024-09-24 13:16:58 +00:00 |
| Tim Campbell | 11eae691ba | Feature more otel customization (#31998) | 2024-09-23 08:55:35 +00:00 |
| Matt Jankowski | 5405bdd344 | Remove unused E2EE messaging code (#31193) | 2024-09-18 09:27:43 +00:00 |
| Claire | d5cf27e667 | Add global Regexp timeout (#31928) | 2024-09-16 09:40:18 +00:00 |
| Claire | a496aeabcb | Change form-action Content-Security-Policy directive to be more restrictive (#26897) | 2024-09-12 13:24:19 +00:00 |
| Eugen Rochko | 24ef8255b3 | Change design of embed modal in web UI (#31801) | 2024-09-12 12:54:16 +00:00 |
| Matt Jankowski | b530fc5267 | Update rails to version 7.1.4 (#31563) | 2024-09-06 15:22:35 +00:00 |
| Claire | ee55d20fd5 | Allow `POST /oauth/revoke` through CORS (#31743) | 2024-09-04 10:46:28 +00:00 |
| David Roetzel | 388d5473e1 | Refactor (ruby) redis configuration (#31694) | 2024-09-02 14:19:55 +00:00 |
| Matt Jankowski | 85e8d1f285 | Use rails configuration storage for paperclip path (#31651) | 2024-08-30 09:46:09 +00:00 |
| Matt Jankowski | 6ec768668e | Remove `nsa` statsd integration (replaced by OpenTelemetry) (#30240) | 2024-08-22 20:28:54 +00:00 |
| Matt Jankowski | 02df1b4e4a | Finish email allow/deny list naming migration (#30530) | 2024-08-13 07:37:32 +00:00 |
| Emelia Smith | a1f723a6a4 | Add support for PKCE Extension in OmniAuth OIDC (#31131) | 2024-08-12 14:32:52 +00:00 |
| Claire | eaedd52def | Fix incorrect rate limit on PUT requests (#31356) | 2024-08-09 14:48:05 +00:00 |
| Adam Niedzielski | 887e64efd4 | Allow @ at the end of an URL (#31124) | 2024-07-25 15:02:58 +00:00 |
| Renaud Chaput | 36592d10aa | Change Sidekiq readiness file to use an environment variable (#30988) | 2024-07-10 12:57:25 +00:00 |
| Renaud Chaput | 7542a134d5 | Add a file for Sidekiq to signal it is ready to process jobs (#30971) | 2024-07-09 10:47:08 +00:00 |
| Claire | 8de5df225e | Change instructions to use `bundle exec rails` instead of `rake` (#30917) | 2024-07-05 08:54:45 +00:00 |
| Matt Jankowski | bc3737f0c3 | Add detail about running version on vips error failure (#30858) | 2024-06-27 16:27:42 +00:00 |
| Claire | b15a3614dc | Stub `Vips::Error` when not using libvips (#30857) | 2024-06-27 15:25:27 +00:00 |
| Renaud Chaput | 845fe1c693 | Add the Interlingua locale (#30828) | 2024-06-25 14:05:24 +00:00 |
| Tim Rogers | f6e466058a | Added check for STATSD_ADDR setting to emit a warning and proceed rather than crashing if the address is unreachable (#30691) | 2024-06-24 14:41:04 +00:00 |
| Matt Jankowski | 980034e2e1 | Fix `Style/NilLambda` cop in paperclip initializer (#30695) | 2024-06-14 09:50:50 +00:00 |
| Matt Jankowski | 0e1110c947 | Use `SECRET_KEY_BASE_DUMMY` feature as placeholder during asset compilation (#30505) | 2024-06-10 20:08:04 +00:00 |
| Matt Jankowski | 0cf91213c9 | Opt in to remaining Rails 7.1 defaults (#30332)<br>Co-authored-by: Claire <claire.github-309c@sitedethib.com> | 2024-06-10 06:32:20 +00:00 |
| Claire | 80cd001e0a | Fix linting issue (#30595) | 2024-06-07 14:32:29 +00:00 |
| Isa S | 773283ffb9 | Make S3's retry limit a ENV variable (#23215) | 2024-06-07 13:54:55 +00:00 |
| Victor Dyotte | 299ae9bf92 | Add `S3_KEY_PREFIX` environment variable (#30181) | 2024-06-07 12:29:30 +00:00 |
| Emelia Smith | e02d23b549 | Change `read:me` scope to `profile` scope (#30357)<br>Co-authored-by: Claire <claire.github-309c@sitedethib.com> | 2024-06-06 07:30:10 +00:00 |
| Eugen Rochko | 5f15a892fa | Add support for libvips in addition to ImageMagick (#30090)<br>Co-authored-by: Claire <claire.github-309c@sitedethib.com> | 2024-06-05 19:15:39 +00:00 |
| Matt Jankowski | 4d3748ac44 | Fix rack attack `match_type` value typo in logging config (#30514) | 2024-06-03 07:16:01 +00:00 |
| Matt Jankowski | a22865a352 | Add `:email` to filter parameter logging config (#30492) | 2024-05-31 09:35:56 +00:00 |
| Claire | 73a78cc19d | Fix rate-limiting incorrectly triggering a session cookie on most endpoints (#30483) | 2024-05-30 12:56:18 +00:00 |
| Claire | 3fa0dd0b88 | Merge pull request from GHSA-c2r5-cfqr-c553<br>* Add hardening monkey-patch to prevent IP spoofing on misconfigured installations<br>* Remove rack-attack safelist | 2024-05-30 14:24:29 +02:00 |
| Claire | 16249946ae | Merge pull request from GHSA-q3rg-xx5v-4mxh | 2024-05-30 14:14:04 +02:00 |
| Emelia Smith | d20a5c3ec9 | Fix: remove broken OAuth Application vacuuming & throttle OAuth Application registrations (#30316)<br>Co-authored-by: Claire <claire.github-309c@sitedethib.com> | 2024-05-29 14:00:05 +00:00 |
| Nick Schonning | 87156f57b5 | Enable Style/StringConcatenation (#30428) | 2024-05-27 09:41:45 +00:00 |
| Renaud Chaput | acc77c3836 | Add instrumentation to the search services (#30350) | 2024-05-24 13:13:23 +00:00 |
| Renaud Chaput | 9658d3e580 | Use the job class as span name for Sidekiq root spans (#30353) | 2024-05-20 08:01:04 +00:00 |
| Claire | 12472e7f40 | Add emphasis on ActiveRecord Encryption configuration values being secret (#30340) | 2024-05-17 09:28:40 +00:00 |
| Matt Jankowski | 1b6eb2c7f0 | Enable YJIT when available (#30310) | 2024-05-16 09:56:48 +00:00 |
| Renaud Chaput | 283a891e92 | Allow to customise the OTEL service name prefix (#30322) | 2024-05-16 09:28:10 +00:00 |