coolify/app/Http/Controllers/Api
Andras Bacsai b3256d4df1 fix(security): harden model assignment and sensitive data handling
Restrict mass-assignable attributes across user/team/redis models and
switch privileged root/team creation paths to forceFill/forceCreate.

Encrypt legacy ClickHouse admin passwords via migration and cast the
correct ClickHouse password field as encrypted.

Tighten API and runtime exposure by removing sensitive team fields from
responses and sanitizing Git/compose error messages.

Expand security-focused feature coverage for command-injection and mass
assignment protections.
2026-03-29 20:56:04 +02:00
ApplicationsController.php fix: add mass assignment protection to models 2026-03-28 12:32:57 +01:00
CloudProviderTokensController.php fix(docs): remove incorrect uuid format in openapi spec (#7419) 2026-01-04 16:16:19 +01:00
DatabasesController.php fix: add mass assignment protection to models 2026-03-28 12:32:57 +01:00
DeployController.php fix(api): cast teamId to int in deployment authorization check 2026-03-12 13:25:10 +01:00
GithubController.php fix: add URL validation for GitHub source api_url and html_url fields 2026-03-26 13:45:33 +01:00
HetznerController.php refactor(team): make server limit methods accept optional team parameter 2026-03-23 21:56:50 +01:00
OpenApi.php feat(api): Improve OpenAPI spec and add rate limit handling for Hetzner 2025-12-11 12:12:43 +01:00
OtherController.php fix: missing 422 error code in openapi spec 2025-10-12 14:20:45 +02:00
ProjectController.php fix(docs): remove incorrect uuid format in openapi spec (#7419) 2026-01-04 16:16:19 +01:00
ResourcesController.php feat(auth): implement comprehensive authorization checks across API controllers 2025-08-23 18:51:10 +02:00
ScheduledTasksController.php fix(api): improve scheduled tasks validation and delete logic 2026-02-18 14:30:44 +01:00
SecurityController.php fix: add mass assignment protection to models 2026-03-28 12:32:57 +01:00
ServersController.php fix(api): validate server ownership in domains endpoint and scope activity lookups 2026-03-25 16:20:53 +01:00
ServicesController.php fix(api): add volume name validation to storage API endpoints 2026-03-26 12:17:39 +01:00
TeamController.php fix(security): harden model assignment and sensitive data handling 2026-03-29 20:56:04 +02:00