Commit Graph

18 Commits

Author SHA1 Message Date
Matthew Knight 199642242f
Fix security vulnerabilities identified in pre-deployment audit
- Regenerate session ID on login to prevent session fixation (H1)
- Add mutex to login lockout counters to fix race condition (H2)
- Validate issuer/audience claims on Apple ID tokens (M2)
- Verify comment belongs to ticket's issue to prevent attachment IDOR (M4)
- Stop SSO from re-approving admin-disapproved users (M3)
- Add Content-Security-Policy header (M1)
- Configure trusted proxies via TRUSTED_PROXIES env var (M6)
- Cap password length at 128 for bcrypt truncation (L1)
- Set Secure flag on flash cookies over HTTPS (L2)
- Rate-limit POST /reset-password (L3)
- Add authenticated password change at /account/password (L4)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-18 12:30:23 -08:00
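The H1 and H2 items in the commit above (rotating the session ID on successful login, and taking a mutex around the lockout counters) as an added Go example. This is not the project's code and not part of the commit; the store, type and function names (authStore, LoginVulnerable, LoginFixed, RecordFailure) and the hard-coded demo password are assumptions made so the example runs offline, and checkPassword stands in for the real bcrypt comparison. LoginVulnerable keeps the pre-login ID so an attacker who planted it ends up authenticated; LoginFixed discards it and issues a fresh one.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
	"sync"
)

// session is the server-side record behind an opaque cookie value.
type session struct {
	User string // empty until login succeeds
}

// authStore is a hypothetical in-memory store (not the project's). One mutex
// guards both maps: the lockout counters must never be read, incremented and
// written back without it, which is the H2 race.
type authStore struct {
	mu       sync.Mutex
	sessions map[string]*session
	failures map[string]int
	maxFails int
}

func newAuthStore(maxFails int) *authStore {
	return &authStore{sessions: map[string]*session{}, failures: map[string]int{}, maxFails: maxFails}
}

// newSessionID returns 256 bits from the CSPRNG, hex-encoded.
func newSessionID() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return hex.EncodeToString(b)
}

// NewAnonymousSession is what every visitor gets before logging in. In a
// fixation attack this is the ID the attacker plants in the victim's browser.
func (s *authStore) NewAnonymousSession() string {
	s.mu.Lock()
	defer s.mu.Unlock()
	id := newSessionID()
	s.sessions[id] = &session{}
	return id
}

// UserFor returns the user bound to sid, or "" if sid is unknown or anonymous.
func (s *authStore) UserFor(sid string) string {
	s.mu.Lock()
	defer s.mu.Unlock()
	if sess, ok := s.sessions[sid]; ok {
		return sess.User
	}
	return ""
}

// RecordFailure bumps the counter under the lock and reports whether the
// account is now locked. Unlocked, two concurrent failures can both read n and
// both write n+1, undercounting and delaying the lockout.
func (s *authStore) RecordFailure(user string) bool {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.failures[user]++
	return s.failures[user] >= s.maxFails
}

// Failures returns the current counter for user.
func (s *authStore) Failures(user string) int {
	s.mu.Lock()
	defer s.mu.Unlock()
	return s.failures[user]
}

// checkPassword stands in for the bcrypt check; the constructed demo password
// is hard-coded only so the example runs offline.
func checkPassword(password string) bool {
	return subtle.ConstantTimeCompare([]byte(password), []byte("correct horse battery staple")) == 1
}

// LoginVulnerable is the pre-fix behaviour: the existing session is marked
// authenticated and keeps its ID, so whoever planted sid is now logged in.
func (s *authStore) LoginVulnerable(sid, user, password string) (string, bool) {
	if s.Failures(user) >= s.maxFails || !checkPassword(password) {
		s.RecordFailure(user)
		return sid, false
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	if sess, ok := s.sessions[sid]; ok {
		sess.User = user
		return sid, true
	}
	return sid, false
}

// LoginFixed is the H1 fix: the pre-login session is discarded and a fresh ID
// is issued, so a planted ID never becomes an authenticated one.
func (s *authStore) LoginFixed(sid, user, password string) (string, bool) {
	if s.Failures(user) >= s.maxFails || !checkPassword(password) {
		s.RecordFailure(user)
		return sid, false
	}
	s.mu.Lock()
	defer s.mu.Unlock()
	delete(s.sessions, sid)  // the attacker-known ID now resolves to nothing
	delete(s.failures, user) // a successful login resets the lockout counter
	fresh := newSessionID()
	s.sessions[fresh] = &session{User: user}
	return fresh, true
}

func main() {
	s := newAuthStore(5)
	planted := s.NewAnonymousSession()
	fresh, _ := s.LoginFixed(planted, "alice", "correct horse battery staple")
	fmt.Printf("planted ID user=%q, fresh ID user=%q\n", s.UserFor(planted), s.UserFor(fresh))
}
```

The rotation has to happen at the privilege boundary, not merely at session creation: the anonymous ID is exactly the one an attacker can set via a link or a subdomain cookie, so the server must refuse to upgrade it in place.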
Matthew Knight d9eede4c15
Merge branch 'main' into unify-ui 2026-02-17 16:46:48 -08:00
Matthew Knight 5761872988
Pin Mermaid.js version with SRI integrity hash
Fixes #27

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 16:12:25 -08:00
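How the SRI integrity value for a pinned script is produced and checked, as an added Go example; this is not the project's code and the commit does not show its tag. The script bytes, the function names (sriHash, scriptTag, verifySRI) and the CDN URL are constructed for the example; a real build hashes the exact mermaid.min.js bytes served from the pinned URL.

```go
package main

import (
	"crypto/sha512"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// pinnedScript is a constructed stub standing in for the pinned mermaid.min.js.
// The real value is the byte-for-byte content fetched from the pinned URL.
const pinnedScript = "/* constructed stub, not Mermaid */ window.mermaid = {version: '0.0.0'};"

// sriHash computes the integrity attribute: SHA-384 of the resource, base64
// (standard alphabet, with padding), prefixed with the algorithm name.
func sriHash(content []byte) string {
	sum := sha512.Sum384(content)
	return "sha384-" + base64.StdEncoding.EncodeToString(sum[:])
}

// scriptTag renders the pinned tag. crossorigin="anonymous" is required for
// the browser to enforce SRI on a cross-origin (CDN) script at all.
func scriptTag(src string, content []byte) string {
	return fmt.Sprintf(`<script src=%q integrity=%q crossorigin="anonymous"></script>`,
		src, sriHash(content))
}

// verifySRI mirrors the browser-side check: recompute the digest of what was
// actually fetched and compare it with the pinned value. Any change to the
// served file, including a silent CDN re-release under the same path, fails.
func verifySRI(integrity string, fetched []byte) bool {
	return subtle.ConstantTimeCompare([]byte(integrity), []byte(sriHash(fetched))) == 1
}

func main() {
	src := "https://cdn.example.invalid/mermaid@10.0.0/dist/mermaid.min.js" // hypothetical pinned URL
	pinned := []byte(pinnedScript)
	fmt.Println(scriptTag(src, pinned))
	fmt.Println("pinned bytes verify:", verifySRI(sriHash(pinned), pinned))
	fmt.Println("tampered bytes verify:", verifySRI(sriHash(pinned), append(pinned, '\n')))
}
```

The same value can be produced from the command line with `openssl dgst -sha384 -binary mermaid.min.js | openssl base64 -A`; the pin only protects you if the version in `src` is fixed too, since a floating `@latest` URL would legitimately change content and simply stop loading.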
Matthew Knight 4a0af136d5
Add CSRF protection to admin panel
Fixes #14

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-17 15:53:31 -08:00
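One way to add CSRF protection to state-changing admin routes, as an added Go example; the commit does not say which mechanism it uses, so the synchronizer-token pattern below, the csrfStore type, the cookie name "session", the header name X-CSRF-Token and the form field csrf_token are all assumptions made for the example, not the project's code.

```go
package main

import (
	"crypto/rand"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"net/http"
	"sync"
)

// csrfStore binds one random token to each session ID (synchronizer token
// pattern). In a real app this lives alongside the session record; here it is
// a hypothetical in-memory map.
type csrfStore struct {
	mu     sync.Mutex
	tokens map[string]string
}

func newCSRFStore() *csrfStore { return &csrfStore{tokens: map[string]string{}} }

// Token returns the session's token, minting a 256-bit one on first use. The
// page embeds it in admin forms; a cross-site attacker cannot read it.
func (c *csrfStore) Token(sessionID string) string {
	c.mu.Lock()
	defer c.mu.Unlock()
	if t, ok := c.tokens[sessionID]; ok {
		return t
	}
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	t := base64.RawURLEncoding.EncodeToString(b)
	c.tokens[sessionID] = t
	return t
}

// Valid reports whether submitted matches the token bound to sessionID, using
// a constant-time compare so response timing does not leak the token.
func (c *csrfStore) Valid(sessionID, submitted string) bool {
	c.mu.Lock()
	t, ok := c.tokens[sessionID]
	c.mu.Unlock()
	if !ok || submitted == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(t), []byte(submitted)) == 1
}

// Protect wraps admin handlers. Safe methods pass through; everything else
// must carry the session's token in a header or a form field. The session
// cookie alone is not enough, because the browser attaches it to forged
// cross-site requests too.
func (c *csrfStore) Protect(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		switch r.Method {
		case http.MethodGet, http.MethodHead, http.MethodOptions:
			next.ServeHTTP(w, r)
			return
		}
		cookie, err := r.Cookie("session")
		if err != nil {
			http.Error(w, "no session", http.StatusForbidden)
			return
		}
		tok := r.Header.Get("X-CSRF-Token")
		if tok == "" {
			tok = r.PostFormValue("csrf_token")
		}
		if !c.Valid(cookie.Value, tok) {
			http.Error(w, "bad csrf token", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	store := newCSRFStore()
	admin := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "admin action performed")
	})
	http.Handle("/admin/", store.Protect(admin))
	fmt.Println("token for session s1:", store.Token("s1"))
}
```

Keep GET handlers free of side effects, or the method allow-list above becomes the bypass; a SameSite=Lax or Strict attribute on the session cookie is a sensible second layer but does not replace the token check.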
Matthew Knight 4d688ffc20
Unify UI 2026-02-17 11:01:34 -08:00
Matthew Knight b187ee2257
Use customer names in UI and tickets 2026-02-16 23:08:29 +00:00
Matthew Knight 57177b126c
Check for repo write permissions -- needed to create labels 2026-02-16 10:18:32 -08:00
Matthew Knight acd9a03269
Drag and drop attachments 2026-02-16 00:58:04 -08:00
Matthew Knight c7bdb3b66e
JWT SSO 2026-02-15 09:12:19 -08:00
Matthew Knight da50fe4dde
Emojis and mermaid 2026-02-14 23:41:31 -08:00
Matthew Knight 210fa4ee2d
attachment fixes 2026-02-14 14:11:05 -08:00
Matthew Knight 0e52d7ef98
Render fixes 2026-02-14 13:33:19 -08:00
Matthew Knight d23aa87f75
More forgejo features 2026-02-14 12:59:32 -08:00
Matthew Knight cb21e0f6a2
Forgejo as the source of truth 2026-02-14 02:04:27 -08:00
Matthew Knight 57a8bb5a5e
Fixes 2026-02-14 01:10:22 -08:00
Matthew Knight 61e9f00b1c
Improvements 2026-02-14 00:19:49 -08:00
Matthew Knight c14cff4f51
Setting up webhooks 2026-02-13 23:05:42 -08:00
Matthew Knight 4fa62fc164
Init 2026-02-12 15:00:17 -08:00