rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app
History
Andras Bacsai b81baff4b1 fix: improve logging and add shell escaping for git ls-remote 
Two improvements to Git deployment handling:

1. **ApplicationDeploymentJob.php**:
   - Fixed log message to show actual resolved commit SHA (`$this->commit`)
   - Previously showed `$this->application->git_commit_sha` which could be "HEAD"
   - Now displays the actual 40-character commit SHA that will be deployed

2. **Application.php (generateGitLsRemoteCommands)**:
   - Added `escapeshellarg()` for repository URL in 'other' deployment type
   - Prevents shell injection in git ls-remote commands
   - Complements existing shell escaping in `generateGitImportCommands`
   - Ensures consistent security across all Git operations

**Security Impact:**
- All Git commands now use properly escaped repository URLs
- Prevents command injection through malicious repository URLs
- Consistent escaping in both ls-remote and clone operations

**User Experience:**
- Deployment logs now show exact commit SHA being deployed
- More accurate debugging information for deployment issues

Co-Authored-By: Claude <noreply@anthropic.com>
2025-10-14 20:44:35 +02:00
..
Actions fix: prevent container name conflict when updating database port mappings 2025-10-13 10:01:54 +02:00
Console feat: add artisan command to clear global search cache 2025-10-11 13:36:14 +02:00
Contracts refactor: streamline job status retrieval and clean up repository interface 2025-01-10 19:53:13 +01:00
Data Revert "rector: arrrrr" 2025-01-07 15:31:43 +01:00
Enums Add new role enum and apply authorization 2024-10-28 17:08:24 +01:00
Events work work on hetzner integration 2025-10-09 16:54:13 +02:00
Exceptions feat(exceptions): introduce NonReportableException to handle known errors and update Handler for selective reporting 2025-09-08 09:18:25 +02:00
Helpers feat(ssh-multiplexing): add connection age metadata handling to improve multiplexed connection management 2025-09-10 08:38:36 +02:00
Http Merge pull request #6860 from coollabsio/fix-api-env-vars-fields 2025-10-13 10:45:35 +02:00
Jobs fix: improve logging and add shell escaping for git ls-remote 2025-10-14 20:44:35 +02:00
Listeners refactor(proxy): streamline proxy status handling and improve dashboard availability checks 2025-06-11 12:02:39 +02:00
Livewire fix: add authorization checks to database Livewire components 2025-10-14 17:33:42 +02:00
Models fix: improve logging and add shell escaping for git ls-remote 2025-10-14 20:44:35 +02:00
Notifications Merge pull request #6837 from coollabsio/andrasbacsai/custom-webhooks 2025-10-12 10:57:47 +02:00
Policies feat: add cloud-init script support for Hetzner server creation 2025-10-10 19:37:16 +02:00
Providers fix: register WebhookNotificationSettings with NotificationPolicy 2025-10-10 17:48:14 +02:00
Repositories refactor: streamline job status retrieval and clean up repository interface 2025-01-10 19:53:13 +01:00
Rules feat: add YAML validation for cloud-init scripts 2025-10-11 13:56:55 +02:00
Services debug: add ray logging for Hetzner createServer API request/response 2025-10-11 11:17:44 +02:00
Support feat(validation): centralize validation patterns for names and descriptions 2025-08-19 12:14:48 +02:00
Traits Merge pull request #6837 from coollabsio/andrasbacsai/custom-webhooks 2025-10-12 10:57:47 +02:00
View/Components feat: add support for selecting additional SSH keys from Hetzner in server creation form 2025-10-10 12:17:05 +02:00