Commit graph

14663 commits

Author SHA1 Message Date
Andras Bacsai
a565fc3b36 fix(rollback): escape commit SHA to prevent shell injection
Properly escape commit SHA using escapeshellarg() before passing it
to shell commands. Add comprehensive tests for git commit rollback
scenarios including shallow clone, fallback behavior, and HEAD handling.
2026-02-27 23:26:31 +01:00
Andras Bacsai
530037c213 Merge remote-tracking branch 'origin/next' into fix/rollback-uses-correct-commit 2026-02-27 23:24:08 +01:00
Andras Bacsai
6b2a669cb9 docs(sponsors): add huge sponsors section and reorganize list
- Create new "Huge Sponsors" section with SerpAPI
- Move SerpAPI from Small Sponsors to Huge Sponsors
- Replace Dade2 with Darweb
- Add Greptile and MVPS as new sponsors
2026-02-27 22:03:54 +01:00
Andras Bacsai
ce6859648a fix(ssh): automatically fix SSH directory permissions during upgrade (#8635) 2026-02-27 14:45:29 +01:00
Andras Bacsai
2b7e2ebafb chore: prepare for PR 2026-02-26 16:27:02 +01:00
🏔️ Peak
78aea9a7ec Merge branch 'v4.x' into next 2026-02-25 17:59:04 +01:00
Andras Bacsai
5a2547c879 fix(soketi): make host binding configurable for IPv6 support (#8619) 2026-02-25 12:24:25 +01:00
Andras Bacsai
9ec45bcf56 chore: prepare for PR 2026-02-25 12:18:50 +01:00
Andras Bacsai
c93296e9a6 feat(healthcheck): add command-based health check support (#8612) 2026-02-25 12:09:59 +01:00
Andras Bacsai
f3b63b4d8d fix(scheduler): add self-healing for stale Redis locks and detection in UI (#8618) 2026-02-25 12:08:45 +01:00
Andras Bacsai
3e755338b4 fix(healthchecks): remove redundant newline sanitization from CMD healthcheck
Simplify the CMD healthcheck generation by removing the str_replace call that
normalizes newlines. The command is now used directly without modification,
following the pattern of centralized command escaping in recent changes.
2026-02-25 12:08:24 +01:00
Andras Bacsai
b88f9fca67 chore: prepare for PR 2026-02-25 12:07:29 +01:00
Andras Bacsai
3eb9426b95 fix(ca-cert): prevent command injection via base64 encoding (#8617) 2026-02-25 12:01:52 +01:00
Andras Bacsai
fe36b70680 chore: prepare for PR 2026-02-25 12:00:24 +01:00
Andras Bacsai
521d995ea1 Merge remote-tracking branch 'origin/next' into 7765-healthcheck-investigation 2026-02-25 11:57:58 +01:00
Andras Bacsai
12f8f80eb1 fix(api): add team authorization to domains_by_server endpoint (#8616) 2026-02-25 11:54:29 +01:00
Andras Bacsai
8e2f0836da chore: prepare for PR 2026-02-25 11:52:18 +01:00
Andras Bacsai
57848c25e9 fix(docker): centralize command escaping in executeInDocker helper (#8615) 2026-02-25 11:51:23 +01:00
Andras Bacsai
992b922df3 chore: prepare for PR 2026-02-25 11:50:57 +01:00
Andras Bacsai
0580af0d34 feat(healthchecks): add command health checks with input validation
Add support for command-based health checks in addition to HTTP-based checks:
- New health_check_type field supporting 'http' and 'cmd' values
- New health_check_command field with strict regex validation
- Updated allowedFields in create_application and update_by_uuid endpoints
- Validation rules include max 1000 characters and safe character whitelist
- Added feature tests for health check API endpoints
- Added unit tests for GithubAppPolicy and SharedEnvironmentVariablePolicy
2026-02-25 11:38:09 +01:00
Andras Bacsai
609cb4190e fix(health-checks): sanitize and validate CMD healthcheck commands
- Add regex validation to restrict allowed characters (alphanumeric, spaces, and specific safe symbols)
- Enforce maximum 1000 character limit on healthcheck commands
- Strip newlines and carriage returns to prevent command injection
- Change input field from textarea to text input in UI
- Add warning callout about prohibited shell operators
- Add comprehensive validation tests for both valid and malicious command patterns
2026-02-25 11:28:33 +01:00
Andras Bacsai
24abd51238 fix(auth): prevent cross-tenant IDOR in resource cloning (#8613) 2026-02-25 11:21:52 +01:00
Andras Bacsai
1759a1631c chore: prepare for PR 2026-02-25 11:18:46 +01:00
Andras Bacsai
65d4005493 Merge remote-tracking branch 'origin/next' into 7765-healthcheck-investigation
# Conflicts:
#	app/Livewire/Project/Shared/HealthChecks.php
2026-02-25 11:02:38 +01:00
Andras Bacsai
03a8621516 fix(health-checks): prevent command injection in health check commands (#8611) 2026-02-25 10:59:00 +01:00
Andras Bacsai
30c0b37689 chore: prepare for PR 2026-02-25 10:58:29 +01:00
Aditya Tripathi
036f565785 Merge branch 'next' into feat/healthcheck-cmd 2026-02-24 22:22:02 +05:30
Andras Bacsai
cb759b2846 fix(api): correct permission requirements for POST endpoints (#8600) 2026-02-24 14:57:51 +01:00
Andras Bacsai
d8419fad93 chore: prepare for PR 2026-02-24 14:57:32 +01:00
Tjeerd Smid
175e5b3c6d Merge branch 'next' into fix/rollback-uses-correct-commit 2026-02-24 13:18:46 +01:00
Andras Bacsai
279322d50f fix(input): prevent eye icon flash on password fields before Alpine.js loads (#8599) 2026-02-24 12:57:22 +01:00
Andras Bacsai
f39a1da7be fix(auth): prevent CSRF redirect loop during 2FA challenge (#8596) 2026-02-24 12:57:10 +01:00
Andras Bacsai
448e922e6c chore: prepare for PR 2026-02-24 12:56:54 +01:00
Andras Bacsai
78e584a136 feat(service): upgrade beszel and beszel-agent to v0.18 (#8513) 2026-02-24 12:56:36 +01:00
Andras Bacsai
912e5f6db2 feat(service): disable pterodactyl panel and pterodactyl wings (#8512) 2026-02-24 12:55:52 +01:00
Andras Bacsai
f8de374f77 feat(service): disable plane (#8580) 2026-02-24 12:55:29 +01:00
Andras Bacsai
2986d7604e chore: prepare for PR 2026-02-24 10:17:16 +01:00
ShadowArcanist
b36d67288b feat(service): disable plane
The latest version of plane, v1.2.2, has security fixes, but our template is using v1.0.0, which is 5 months behind the current latest. The new version v1.2.2 doesn't work with our existing template, so disabling it for now to prevent users from deploying a vulnerable version of plane.
2026-02-24 02:34:35 +05:30
Tjeerd Smid
1935403053 fix: application rollback uses correct commit sha
- setGitImportSettings() now accepts optional $commit parameter
- Uses passed commit over application's git_commit_sha (typically HEAD)
- Fixes rollback deploying latest instead of selected commit
- Also fixes shallow clone "bad object" error on rollback

Fixes #8445
2026-02-23 20:13:07 +01:00
Andras Bacsai
021605dbf0 fix(deploy): split BuildKit and secrets detection (#8565) 2026-02-23 15:20:25 +01:00
Andras Bacsai
ec14b55f0a chore: prepare for PR 2026-02-23 14:28:28 +01:00
Andras Bacsai
2310ad5f7f chore(ui): widen project heading nav spacing (#8564) 2026-02-23 14:17:38 +01:00
Andras Bacsai
6cacd2f0ff chore: prepare for PR 2026-02-23 14:17:15 +01:00
Andras Bacsai
46923f7e77 fix(applications): treat zero private_key_id as deploy key (#8563) 2026-02-23 14:16:11 +01:00
Andras Bacsai
620da191b1 chore: prepare for PR 2026-02-23 14:15:13 +01:00
Andras Bacsai
d71d91d63e fix(version): update coolify version to 4.0.0-beta.464 and nightly version to 4.0.0-beta.465 2026-02-23 13:47:26 +01:00
Andras Bacsai
1f3fca5f71 fix(database): chown redis/keydb configs when custom conf set (#8561) 2026-02-23 13:26:58 +01:00
Andras Bacsai
76a6960f44 chore: prepare for PR 2026-02-23 13:26:01 +01:00
Andras Bacsai
f68d60a373 chore(horizon): make max time configurable (#8560) 2026-02-23 13:25:13 +01:00
Andras Bacsai
b7b0dfeddd chore: prepare for PR 2026-02-23 13:24:49 +01:00