e8b51feceb
Version bump to v2.1.4
v2.1.4
2018-11-29 11:16:23 -05:00
6b9b73236a
SECURITY: enforce hostname to match discourse hostname
...
This ensures that the hostname rails uses for various helpers always matches
the Discourse hostname
# Conflicts:
# config/application.rb
# spec/requests/application_controller_spec.rb
2018-11-15 16:17:22 +11:00
05b2c5babf
SECURITY: update rack from 2.0.5 to 2.0.6
...
This release contains security fixes to the underlying rack library
used by Discourse.
Impact is not too high as we do not use request.scheme in our templates
2018-11-07 10:06:24 +11:00
e16c1206e5
Version bump to v2.1.3
v2.1.3
2018-11-05 11:08:19 +00:00
43ad60d52c
SECURITY: Add CSRF protections to OpenID callback
2018-11-05 11:07:35 +00:00
d37e8e17ef
UX: bumps the user-api-key version to 3 ( #6526 )
...
* UX: bumps the user-api-key version to 3
* fix spec
2018-11-01 21:29:29 +01:00
5a114df088
FEATURE: adds latest to user-api-key session scope
2018-11-01 21:29:19 +01:00
b8aec7777c
FEATURE: adds list#(unread|new) to user api key routes ( #6494 )
2018-11-01 21:29:13 +01:00
38ad1b96cb
FEATURE: adds header text/background color to site ( #6462 )
2018-11-01 21:29:04 +01:00
5e054e00da
SECURITY: update loofah for CVE-2018-16468
2018-10-30 11:37:35 -04:00
caae57a496
Version bump to v2.1.2
v2.1.2
2018-10-12 10:46:12 -04:00
40559b3881
Fix UploadRecovery from S3 fails with bucket name containing sub-folder.
2018-10-01 20:22:15 +08:00
05fe5c9188
Fix onceoff job in cfa7173da3 not running.
2018-10-01 18:37:05 +08:00
cf60ae32ea
FIX: Onceoff job to fix missing user profile backgrounds.
2018-10-01 18:31:09 +08:00
b6e7992a3d
FIX: correct readonly timeout
...
So it only applies in readonly mode
2018-09-20 15:19:46 +10:00
abc39c492a
FIX: in redis readonly raise an exception from DistributedMutex
...
If we detect redis is in readonly we can not correctly get a mutex
raise an exception to notify caller
When getting optimized images avoid the distributed mutex unless
for some reason it is the first call and we need to generate a thumb
In redis readonly no thumbnails will be generated
2018-09-19 15:49:18 +10:00
d7d5db257b
FIX: required rbtrace upgrade
...
trollop gem was renamed to optimist
2018-09-19 15:29:53 +10:00
7b70a208ba
SECURITY: correct XSS on long topic titles
2018-09-18 08:56:10 +10:00
c662e0918f
SECURITY: remove admin memory diagnostics routes
2018-09-18 08:36:24 +10:00
852026dfae
Backward compatibility for dropping functions in ColumnDropper.
...
https://meta.discourse.org/t/launcher-rebuild-error-pg-error-schema-discourse-functions-does-not-exist/96209
2018-09-17 14:52:09 +08:00
b5401af2dc
Version bump to v2.1.1
v2.1.1
2018-09-14 11:00:12 -04:00
8ddcb6564e
FIX: Onceoff job to recover missing post uploads.
...
This fixes the regression due to 1f636c445b
2018-09-14 10:52:33 +08:00
9d81a6cc72
DEV: Avoid using send and make the method public instead.
2018-09-14 10:52:16 +08:00
ea522589cf
Accept custom AR relation for UploadRecovery.
2018-09-14 10:51:55 +08:00
1d6597c646
FIX: Do not try to recover invalid Upload#short_url in UploadRecovery.
2018-09-14 10:51:36 +08:00
692f2aa395
Fix the build.
2018-09-14 10:51:26 +08:00
2176605fc4
Add basic test case for UploadRecovery.
2018-09-14 10:51:20 +08:00
50f7e2be64
Rescue errors when running dry run for UploadRecovery.
2018-09-14 10:51:11 +08:00
d257b4a386
Fix s3 recovery from tombstone in UploadRecovery.
2018-09-14 10:51:04 +08:00
c3c42fd056
Add dry run option to UploadRecovery.
2018-09-14 10:50:53 +08:00
f08e7bdbff
Fix incorrect variable.
2018-09-14 10:50:46 +08:00
797a259702
New rake task uploads:recover.
2018-09-14 10:50:32 +08:00
0811379ab3
DEV: Print the error class in uploads:list_posts_with_broken_images.
2018-09-14 10:50:26 +08:00
dffd4fa9e6
Add extra protection in Upload#get_from_url.
...
In case the extension goes missing from the URL.
2018-09-14 10:49:34 +08:00
39a2d92417
FIX: don't index urls to local files
2018-09-14 12:31:35 +10:00
74eec1849d
FIX: ignore and log bad json values for custom fields
2018-09-13 17:42:48 +05:30
f31758cc70
FIX: Uploads not being linked correctly to posts.
...
Regression due to 1f636c445b.
2018-09-11 23:54:07 -07:00
8922a91c1c
Version bump to v2.1.0
v2.1.0
2018-09-10 19:39:59 -04:00
ea7ee8e9f7
Merge master
2018-09-10 19:39:09 -04:00
a5ae7ee8e2
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:25:19 +10:00
e64402cb3b
SECURITY: correct edge case when SSO provides unvalidated emails
2018-09-11 08:24:02 +10:00
80eace4268
Merge pull request #6383 from discourse/fix_username_suggester
...
FIX: don't raise an error on integer usernames in user_name_suggester
2018-09-11 00:30:29 +05:30
4653627a40
update plugin-translations.rb script to update .tx/config file in plugins when languages are added or removed
2018-09-10 14:22:45 -04:00
6afc86398c
Update translations
2018-09-10 13:29:07 -04:00
81c87df18a
FIX: don't raise an error on integer usernames
2018-09-10 22:17:56 +05:30
1d41f3c3fb
Merge pull request #6380 from discourse/rake-destroy-sub-category
...
FIX: Allow `rake destroy:topics` to delete topics in sub-categories
2018-09-10 10:26:04 -06:00
2b7e50cab8
Prevent fade-out from overlapping button in admin nav
2018-09-10 11:25:41 -04:00
94ff428571
Pass the right value to rake task.
2018-09-10 20:07:28 +08:00
84fc7abb73
FIX: Allow rake destroy:topics to delete topics in sub-categories
2018-09-10 12:52:14 +01:00
4a966c639d
DEV: Update uploads:list_posts_with_broken_images to recover from tombstone.
2018-09-10 17:01:41 +08:00