rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app/Actions
History
Andras Bacsai 096d4369e5 fix(sentinel): add token validation to prevent command injection 
Add validation to ensure sentinel tokens contain only safe characters
(alphanumeric, dots, hyphens, underscores, plus, forward slash, equals),
preventing OS command injection vulnerabilities when tokens are
interpolated into shell commands.

- Add ServerSetting::isValidSentinelToken() validation method
- Validate tokens in StartSentinel action and metrics queries
- Improve shell argument escaping with escapeshellarg()
- Add comprehensive test coverage for token validation
2026-03-10 22:19:19 +01:00
..
Application fix(restart): reset restart count when resource is manually stopped 2025-12-27 15:21:19 +01:00
CoolifyTask refactor(proxy-status): refactored how the proxy status is handled on the UI and on the backend 2025-06-06 14:47:54 +02:00
Database Merge remote-tracking branch 'origin/next' into fix/configurable-proxy-timeout 2026-03-10 10:01:46 +01:00
Docker chore: prepare for PR 2026-03-10 18:34:37 +01:00
Fortify fix(user): ensure email attributes are stored in lowercase for consistency and prevent case-related issues 2025-09-05 17:44:34 +02:00
Proxy Merge branch 'next' into shadow/fix-docker-time-command 2025-11-28 10:25:42 +01:00
Server fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
Service Fix: Cancel in-progress deployments when stopping service 2025-12-04 08:23:32 +01:00
Shared fix: don't show health status for exited containers 2025-11-24 09:09:37 +01:00
Stripe fix(subscription): harden quantity updates and proxy trust behavior 2026-03-03 12:28:16 +01:00
User Changes auto-committed by Conductor 2025-10-16 17:13:47 +02:00