Activity for Apache Allura™
-
Dillon Walls modified ticket #8601
email auth verification by link
-
looks good, merged. There are a few more improvements we could make, but this is a considerable step in the right direction.
-
[#8601] avoid flash samesite cookie issues by showing error on the page directly
-
[#8601] Do email verification for untrusted logins even if they did multifactor (protects against MITM attacks)
-
[#8601] use full domain in link for plaintext mail version to be better
-
[#8601] update precommit hook for .md.jinja2 and update hook to published version now
-
[#8601] consistent file extension for mail templates
-
[#8601] remove very old and not helpful showbrowser() on test assertion failures
-
[#8601] use link instead of code for email auth, and longer code
-
Dave Brondsema committed [fd129f] on Git
[#8602] increment bugfix_rev to invalidate template cache
-
[#8602] do not treat periods in text as external urls to be displayed as warnings
-
tweak show domain on external links
-
[#8602] increment bugfix_rev to invalidate template cache
-
fixup! [#8602] do not treat periods in text as external urls to be displayed as warnings
-
various security tightening
-
[#8601] avoid flash samesite cookie issues by showing error on the page directly
-
[#11283] Remove plaintext author username field from from_username query
-
Remove reference to plaintext author username field in Snapshot's from_username method
-
encrypt snapshot author nested fields
-
Encrypt snapshot author nested fields
-
[#8602] do not treat periods in text as external urls to be displayed as warnings
-
tweak show domain on external links
-
Guillermo Cruz committed [83e27e] on Git
bump gitpython 3.1.46 -> 3.1.47
-
Carlos Cruz committed [8f05a7] on Git
Remove dead ProjectUserSelect code
-
[#11102] Implement field level encryption for User's display_name_field
-
[#11102] Add the display_name_encrypted field to the User class
-
remove pygments optimization no longer needed
-
add limit option to convert_encrypted_field.py
-
Fix convert plaintext to encrypted script to support nested fields
-
Fix convert_encrypted_field for nested field attributes
-
Python Packages Upgrade
-
merged!
-
[#8601] Do email verification for untrusted logins even if they did multifactor (protects against MITM attacks)
-
[#8601] use full domain in link for plaintext mail version to be better
-
[#8601] update precommit hook for .md.jinja2 and update hook to published version now
-
[#8601] consistent file extension for mail templates
-
[#8601] remove very old and not helpful showbrowser() on test assertion failures
-
[#8601] use link instead of code for email auth, and longer code
-
email auth verification by link
-
db/8601
-
email auth verification by link
-
Daniel Castillo committed [ba211a] on Git
[#8600] Upgrade lxml 6.0.4 -> 6.1.0
-
[#8600] Upgrade boto3 1.42.89 -> no upgrade
-
[#8600] Upgrade setuptools 81.0.0 -> no upgrade
-
[#8600] Upgrade pre_commit 4.5.1 -> no upgrade
-
[#8600] Upgrade gunicorn 25.3.0 -> no upgrade
-
[#8600] Upgrade pytest-sugar 1.1.1 -> no upgrade
-
[#8600] Upgrade pytest-xdist 3.8.0 -> no upgrade
-
[#8600] Upgrade pytest 9.0.3 -> no upgrade
-
[#8600] Upgrade ruff 0.15.10 -> no upgrade
-
[#8600] Upgrade requests-oauthlib 2.0.0 -> no upgrade
-
[#8600] Upgrade requests 2.33.1 -> no upgrade
-
[#8600] Upgrade pysolr 3.11.0 -> no upgrade
-
[#8600] Upgrade pymongo 4.16.0 -> no upgrade
-
[#8600] Upgrade PasteScript 3.7.0 -> no upgrade
-
[#8600] Upgrade Paste 3.10.1 -> no upgrade
-
[#8600] Upgrade Ming 0.17.0 -> no upgrade
-
[#8600] Upgrade Markdown 3.10.1 -> 3.10.2
-
[#8600] Upgrade lxml 6.0.4 -> no upgrade
-
[#8600] Upgrade idna 3.11 -> no upgrade
-
[#8600] Upgrade GitPython 3.1.46 -> no upgrade, and its deps: smmap
-
[#8600] Upgrade EasyWidgets 0.4.3 -> no upgrade
-
[#8600] Upgrade beaker-session-jwt 1.0.4 -> no upgrade
-
[#8600] Upgrade ActivityStream 0.5.1 -> no upgrade
-
Python Packages Upgrade
-
Remove reference to plaintext author username field in Snapshot's from_username method
-
Fix convert_encrypted_field for nested field attributes
-
bump Pillow 12.1.1 -> 12.2.0
-
bump pytest 9.0.2 -> 9.0.3
-
support nested encrypted field migration paths
-
Support nested encrypted field migration paths
-
bump cryptography 46.0.6 -> 46.0.7
-
Kenton Taylor modified ticket #8599
show domain on external links, if misleading
-
[#8599] detect potentially misleading links and show the destination domain afterwards
-
[#8599] detect potentially misleading links and show the destination domain afterwards
-
show domain on external links, if misleading
-
db/8599 images that are links are not handled on this ticket. Should we do something about it in a next ticket? There could be images that look like text. But it could be annoying to show a domain after every image link (especially a row of badges) another overall consideration instead of appending (evil.com) or in addition to that, we could have a popup when clicking on it to confirm you're ok going to the site. Seems like more work than is worth it
-
Escape specific values in notification emails
-
bump pygments 2.19.2 -> 2.20.0
-
bump cryptography 46.0.5 -> 46.0.6
-
show domain on external links, if misleading
-
Encrypt snapshot author nested fields
-
Support nested encrypted field migration paths
-
restore original code in _verify_return_to
-
additional tests added to catch redirection attacks
-
bump requests 2.32.5 -> 2.33.0
-
[#8596] test updates
-
[#8596] add test for email notification that send markdown content
-
fixup! fixup! [#8596] add test for email notification that send markdown content
-
fixup! [#8596] add test for email notification that send markdown content
-
[#8596] add test for email notification that send markdown content
-
[#8596] escape markdown and also html in notification email templates
-
fixup! [#8596] add test for email notification that send markdown content
-
fixup CHANGES note on underscore library upgrade
-
Upgrade Underscore Library
-
merged
-
Pass more context to the project_deleted event
-
[#8598] Upgrade underscore from 1.13.6 -> 1.13.8
-
Upgrade Underscore Library
-
[#8596] add test for email notification that send markdown content