rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app
History
Andras Bacsai 096d4369e5 fix(sentinel): add token validation to prevent command injection 
Add validation to ensure sentinel tokens contain only safe characters
(alphanumeric, dots, hyphens, underscores, plus, forward slash, equals),
preventing OS command injection vulnerabilities when tokens are
interpolated into shell commands.

- Add ServerSetting::isValidSentinelToken() validation method
- Validate tokens in StartSentinel action and metrics queries
- Improve shell argument escaping with escapeshellarg()
- Add comprehensive test coverage for token validation
2026-03-10 22:19:19 +01:00
..
Actions fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
Console feat(jobs): optimize async job dispatches and enhance Stripe subscription sync 2026-02-28 13:18:44 +01:00
Contracts
Data feat(proxy): add Traefik version tracking with notifications and dismissible UI warnings 2025-11-18 14:53:49 +01:00
Enums
Events Make proxy restart run as background job to prevent localhost lockout 2025-12-03 10:30:12 +01:00
Exceptions feat(api): Improve OpenAPI spec and add rate limit handling for Hetzner 2025-12-11 12:12:43 +01:00
Helpers chore: prepare for PR 2026-03-03 11:51:38 +01:00
Http Fix/wrong destinations api (#8646) 2026-03-05 16:32:09 +01:00
Jobs fix(push-server): track last_online_at and reset database restart state 2026-03-10 21:46:26 +01:00
Listeners fix(proxy): defer UI refresh until Traefik version check completes 2025-12-27 15:16:58 +01:00
Livewire fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
Models fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
Notifications Fix: Allow test emails to be sent to any email address 2025-12-12 11:12:19 +01:00
Policies chore: prepare for PR 2026-02-25 11:18:46 +01:00
Providers Remove webhook maintenance mode replay feature 2025-12-02 13:36:32 +01:00
Repositories
Rules fix(server): handle limit edge case and IPv6 allowlist dedupe 2026-03-03 17:03:46 +01:00
Services feat(scheduler): add pagination to skipped jobs and filter manager start events 2026-02-28 16:23:58 +01:00
Support fix(validation): add @, / and & support to names and descriptions 2026-01-19 18:50:56 +01:00
Traits fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
View/Components feat: add availableSharedVariables method and enhance env-var-input component for better password handling 2025-11-27 10:23:46 +01:00