ghost

mirror of https://github.com/TryGhost/Ghost.git synced 2025-03-11 02:12:21 -05:00

History

Kevin Ansfield 4773939670 🔒 Improved validation of fetched urls and responses in oembed endpoint no issue - prevent oembed fetching from accessing IP addresses or localhost domains - prevent oembed endpoint from passing through fetched responses as-is - reject any fetched data that does not validate against the oembed spec - strip any unknown properties from the oembed response before returning Credits: Nick Mykhailyshyn		2020-03-09 10:42:25 +00:00
..
adapters	Handled missing resource path for resized images	2020-02-22 10:12:57 +00:00
api	🔒 Improved validation of fetched urls and responses in oembed endpoint	2020-03-09 10:42:25 +00:00
config	🐛 Fixed csv file uploads on Windows w/Excel installed	2019-11-26 15:11:05 +00:00
data	✨ Added member login resource to Admin API (#11607 )	2020-02-27 11:48:02 +08:00
lib	🐛 Fixed "undefined" values in member csv export	2020-02-12 11:03:16 +05:30
models	✨ Deleted all but active sessions on password change (#11639 )	2020-03-05 12:22:32 +02:00
public	Added minified members.js file handling	2020-02-26 14:08:10 +08:00
services	Fixed permission to only fetch for active users (#11641 )	2020-03-05 12:22:50 +02:00
translations	✨Added labels for Members (#11538 )	2020-02-14 15:03:10 +05:30
views
web	✨ Added member login resource to Admin API (#11607 )	2020-02-27 11:48:02 +08:00
analytics-events.js
ghost-server.js
index.js	Merge branch 'master' into mega	2019-11-18 11:09:46 +00:00
overrides.js
sentry.js	Added captureException helper to Sentry integration	2020-03-04 13:42:30 +00:00
update-check.js	Added site URL to Update Check body	2020-03-09 09:48:04 +00:00