Mirrors/mealie
1
0
Fork 0
mirror of https://github.com/mealie-recipes/mealie.git synced 2025-11-01 18:53:59 -04:00
Code Issues Packages Projects Releases Wiki Activity

security: multiple reported CVE fixes (#1515)

Browse Source 
* update out of date license

* update typing / refactor

* fix arbitrarty path injection

* use markdown sanatizer to prevent XSS CWE-79

* fix CWE-918 SSRF by validating url and mime type

* add security docs

* update recipe-scrapers

* resolve DOS from arbitrary url

* update changelog

* bump version

* add ref to #1506

* add #1511 to changelog

* use requests decoder

* actually fix encoding issue
This commit is contained in:
Hayden
2022-07-31 13:10:20 -08:00
committed by GitHub
parent 483f789b8e
commit 13850cda1f
23 changed files with 401 additions and 118 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
frontend/types/components.d.ts vendored
View File

@@ -21,6 +21,7 @@ import ToggleState from "@/components/global/ToggleState.vue";
import ContextMenu from "@/components/global/ContextMenu.vue";
import AppButtonCopy from "@/components/global/AppButtonCopy.vue";
import CrudTable from "@/components/global/CrudTable.vue";
import SafeMarkdown from "@/components/global/SafeMarkdown.vue";
import InputColor from "@/components/global/InputColor.vue";
import BaseDivider from "@/components/global/BaseDivider.vue";
import AutoForm from "@/components/global/AutoForm.vue";
@@ -59,6 +60,7 @@ declare module "vue" {
ContextMenu: typeof ContextMenu;
AppButtonCopy: typeof AppButtonCopy;
CrudTable: typeof CrudTable;
SafeMarkdown: typeof SafeMarkdown;
InputColor: typeof InputColor;
BaseDivider: typeof BaseDivider;
AutoForm: typeof AutoForm;