rosslh/coolify
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
coolify/app/Livewire/Server
History
Andras Bacsai fcd574e1eb fix(log-drain): prevent command injection by base64-encoding environment variables 
Replace direct shell interpolation of environment values with base64 encoding
to prevent command injection attacks. Environment configuration is now built as
a single string, base64-encoded, then decoded to file atomically.

Also add regex validation to restrict environment field values to safe
characters (alphanumeric, underscore, hyphen, dot) at the application layer.

Fixes GHSA-3xm2-hqg8-4m2p
2026-03-10 22:22:51 +01:00
..
CaCertificate chore: prepare for PR 2026-02-25 12:00:24 +01:00
CloudProviderToken improved hetzner features 2025-10-09 12:53:57 +02:00
New chore: prepare for PR 2026-03-03 11:51:38 +01:00
PrivateKey feat(private-key-refresh): add refresh dispatch on private key update and connection check 2025-09-23 16:49:59 +02:00
Proxy Add ValidProxyConfigFilename rule for dynamic proxy config validation 2025-12-09 16:12:45 +01:00
Security fix: skip password confirmation for OAuth users 2025-12-12 14:12:02 +01:00
Advanced.php Add deployment queue limit to prevent queue bombing 2025-12-04 13:52:27 +01:00
Charts.php
CloudflareTunnel.php feat(auth): implement authorization checks for server updates across multiple components 2025-08-22 13:02:11 +02:00
Create.php refactor: replace queries with cached versions for performance improvements 2025-12-08 13:39:33 +01:00
Delete.php refactor(redirect): replace redirect calls with redirectRoute helper for consistency 2025-12-26 13:29:59 +01:00
Destinations.php Optimize PushServerUpdateJob performance with batch updates and async jobs 2025-12-15 14:06:32 +01:00
DockerCleanup.php chore: prepare for PR 2026-02-25 12:07:29 +01:00
DockerCleanupExecutions.php
Index.php refactor: replace queries with cached versions for performance improvements 2025-12-08 13:39:33 +01:00
LogDrains.php fix(log-drain): prevent command injection by base64-encoding environment variables 2026-03-10 22:22:51 +01:00
Navbar.php Fix ineffective restartInitiated guard with proper debouncing 2025-12-04 08:57:03 +01:00
Proxy.php Merge branch 'next' into fix-traefik-startup 2025-11-28 17:54:48 +01:00
Resources.php Fix server resources tab 500 error with mixed model types 2025-12-17 18:13:55 +01:00
Sentinel.php fix(sentinel): add token validation to prevent command injection 2026-03-10 22:19:19 +01:00
Show.php chore: prepare for PR 2026-03-03 11:51:38 +01:00
Swarm.php refactor: move Swarm and Sentinel to dedicated sidebar menu items 2025-12-18 12:18:22 +01:00
ValidateAndInstall.php fix: resolve Docker validation race conditions and sudo prefix bug 2025-11-27 09:04:42 +01:00