rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app/Livewire
History
Andras Bacsai 096d4369e5 fix(sentinel): add token validation to prevent command injection 
Add validation to ensure sentinel tokens contain only safe characters
(alphanumeric, dots, hyphens, underscores, plus, forward slash, equals),
preventing OS command injection vulnerabilities when tokens are
interpolated into shell commands.

- Add ServerSetting::isValidSentinelToken() validation method
- Validate tokens in StartSentinel action and metrics queries
- Improve shell argument escaping with escapeshellarg()
- Add comprehensive test coverage for token validation
2026-03-10 22:19:19 +01:00
..
Admin
Boarding fix(server): improve IP uniqueness validation with team-specific error messages 2026-02-12 08:10:59 +01:00
Destination refactor(redirect): replace redirect calls with redirectRoute helper for consistency 2025-12-26 13:29:59 +01:00
Notifications feat(proxy): add Traefik version tracking with notifications and dismissible UI warnings 2025-11-18 14:53:49 +01:00
Profile fix(user): ensure email attributes are stored in lowercase for consistency and prevent case-related issues 2025-09-05 17:44:34 +02:00
Project Squashed commit from '565g-9j4m-wqmr-cross-team-idor-logs-fix' 2026-03-10 22:11:52 +01:00
Security refactor: remove duplicated validation messages 2026-01-05 13:15:14 +01:00
Server fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
Settings fix(server): handle limit edge case and IPv6 allowlist dedupe 2026-03-03 17:03:46 +01:00
SharedVariables feat: add comment field to shared environment variables 2025-12-27 15:24:09 +01:00
Source/Github refactor(redirect): replace redirect calls with redirectRoute helper for consistency 2025-12-26 13:29:59 +01:00
Storage refactor: remove duplicated validation messages 2026-01-05 13:15:14 +01:00
Subscription fix(subscription): harden quantity updates and proxy trust behavior 2026-03-03 12:28:16 +01:00
Tags
Team refactor: remove duplicated validation messages 2026-01-05 13:15:14 +01:00
Terminal feat: replace terminal dropdown with searchable datalist component 2025-10-12 14:57:45 +02:00
ActivityMonitor.php fix(user): complete User model fixes for non-web contexts 2025-12-28 13:55:55 +01:00
Dashboard.php refactor: replace queries with cached versions for performance improvements 2025-12-08 13:39:33 +01:00
DeploymentsIndicator.php Refactor deployment indicator to use server-side route detection 2025-12-11 09:39:56 +01:00
ForcePasswordReset.php
GlobalSearch.php chore: prepare for PR 2026-02-18 11:20:32 +01:00
Help.php fix(feedback): update feedback email address to improve communication with users 2025-09-11 20:23:07 +02:00
LayoutPopups.php
MonacoEditor.php Merge branch 'next' into andrasbacsai/livewire-model-binding 2025-10-16 11:05:29 +02:00
NavbarDeleteTeam.php refactor(redirect): replace redirect calls with redirectRoute helper for consistency 2025-12-26 13:29:59 +01:00
SettingsBackup.php fix validation on a few views 2025-10-06 21:25:24 +02:00
SettingsDropdown.php feat(ui): display current version in settings dropdown and update UI accordingly 2025-09-01 16:23:14 +02:00
SettingsEmail.php fix(email-notifications): change notify method to notifyNow for immediate test email delivery 2025-06-04 17:10:06 +02:00
SettingsOauth.php fix: add null checks and validation to OAuth bulk update method 2025-10-27 17:04:33 +01:00
SwitchTeam.php
Upgrade.php Widen upgrade popup and add dev mode simulation 2025-12-17 10:59:38 +01:00
VerifyEmail.php