coolify/app
Andras Bacsai 3fdce06b65 fix(storage): consistent path validation and escaping for file volumes
Ensure all file volume paths are validated and properly escaped before
use. Previously, only directory mount paths were validated at the input
layer — file mount paths now receive the same treatment across Livewire
components, API controllers, and the model layer.

- Validate and escape fs_path at the top of saveStorageOnServer() before
  any commands are built
- Add path validation to submitFileStorage() in Storage Livewire component
- Add path validation to file mount creation in Applications, Services,
  and Databases API controllers
- Add regression tests for path validation coverage

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-25 23:44:37 +01:00
Actions feat(proxy): validate stored config matches current proxy type 2026-03-24 21:32:34 +01:00
Console feat(sync): sync install.sh, docker-compose, and env files to GitHub 2026-03-25 07:07:22 +01:00
Contracts refactor: streamline job status retrieval and clean up repository interface 2025-01-10 19:53:13 +01:00
Data feat(proxy): add Traefik version tracking with notifications and dismissible UI warnings 2025-11-18 14:53:49 +01:00
Enums Add new role enum and apply authorization 2024-10-28 17:08:24 +01:00
Events Make proxy restart run as background job to prevent localhost lockout 2025-12-03 10:30:12 +01:00
Exceptions feat(api): Improve OpenAPI spec and add rate limit handling for Hetzner 2025-12-11 12:12:43 +01:00
Helpers fix(ssh): handle chmod failures gracefully and simplify key management 2026-03-16 21:27:10 +01:00
Http fix(storage): consistent path validation and escaping for file volumes 2026-03-25 23:44:37 +01:00
Jobs feat(deployment): add command_hidden flag to hide command text in logs (#9167) 2026-03-25 20:51:07 +01:00
Listeners fix(proxy): defer UI refresh until Traefik version check completes 2025-12-27 15:16:58 +01:00
Livewire fix(storage): consistent path validation and escaping for file volumes 2026-03-25 23:44:37 +01:00
Models fix(storage): consistent path validation and escaping for file volumes 2026-03-25 23:44:37 +01:00
Notifications Fix: Allow test emails to be sent to any email address 2025-12-12 11:12:19 +01:00
Policies chore: prepare for PR 2026-02-25 11:18:46 +01:00
Providers Remove webhook maintenance mode replay feature 2025-12-02 13:36:32 +01:00
Repositories refactor: streamline job status retrieval and clean up repository interface 2025-01-10 19:53:13 +01:00
Rules feat(validation): make hostname validation case-insensitive and expand allowed characters 2026-03-24 08:03:08 +01:00
Services refactor: remove verbose logging and use explicit exception types 2026-03-20 15:57:26 +01:00
Support fix(validation): allow ampersands and quotes in shell-safe command pattern 2026-03-25 20:27:21 +01:00
Traits feat(deployment): add command_hidden flag to hide command text in logs 2026-03-25 16:48:49 +01:00
View/Components feat: add availableSharedVariables method and enhance env-var-input component for better password handling 2025-11-27 10:23:46 +01:00