rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app/Actions
History
Andras Bacsai fcd574e1eb fix(log-drain): prevent command injection by base64-encoding environment variables 
Replace direct shell interpolation of environment values with base64 encoding
to prevent command injection attacks. Environment configuration is now built as
a single string, base64-encoded, then decoded to file atomically.

Also add regex validation to restrict environment field values to safe
characters (alphanumeric, underscore, hyphen, dot) at the application layer.

Fixes GHSA-3xm2-hqg8-4m2p
2026-03-10 22:22:51 +01:00
..
Application fix(restart): reset restart count when resource is manually stopped 2025-12-27 15:21:19 +01:00
CoolifyTask refactor(proxy-status): refactored how the proxy status is handled on the UI and on the backend 2025-06-06 14:47:54 +02:00
Database Merge remote-tracking branch 'origin/next' into fix/configurable-proxy-timeout 2026-03-10 10:01:46 +01:00
Docker chore: prepare for PR 2026-03-10 18:34:37 +01:00
Fortify fix(user): ensure email attributes are stored in lowercase for consistency and prevent case-related issues 2025-09-05 17:44:34 +02:00
Proxy Merge branch 'next' into shadow/fix-docker-time-command 2025-11-28 10:25:42 +01:00
Server fix(log-drain): prevent command injection by base64-encoding environment variables 2026-03-10 22:22:51 +01:00
Service Fix: Cancel in-progress deployments when stopping service 2025-12-04 08:23:32 +01:00
Shared fix: don't show health status for exited containers 2025-11-24 09:09:37 +01:00
Stripe fix(subscription): harden quantity updates and proxy trust behavior 2026-03-03 12:28:16 +01:00
User Changes auto-committed by Conductor 2025-10-16 17:13:47 +02:00