8534 | set up github codeql | closed | Dave Brondsema | security | | 0
8526 | improve session cookie handling NEEDS CONFIG CHANGES | closed | Dave Brondsema | security | | 0
8335 | Generic search doesn't do permission checks | closed | Dave Brondsema | security | | 0
8255 | Escape html on wiki & blog diff views | closed | Dave Brondsema | security | Kenton Taylor | 0
8190 | HTTP response splitting vulnerability on return_to param CVE-2018-1319 | closed | Dave Brondsema | security | Kenton Taylor | 0
8180 | StaticFilesMiddleware allows directory traversal | closed | Dave Brondsema | security | | 0
8153 | Stronger no-cache headers | closed | Dave Brondsema | security | | 0
8140 | After password change, change current session id | closed | Dave Brondsema | security | | 0
8127 | Fix how we write the .google_authenticator file | closed | Dave Brondsema | security | | 0
8126 | Rate limiting for two-factor auth | closed | Dave Brondsema | security | | 0
8125 | Require password when confirming new email address | closed | Dave Brondsema | security | | 0
8121 | Show security / audit log to users | open | | security | | 1
8119 | U2F for multifactor auth | open | | security | | 0
8118 | 2FA recovery codes | closed | Dave Brondsema | security | | 0
8117 | Implement core 2FA | closed | Dave Brondsema | security | | 0
8011 | Served SVG images can execute JS | closed | Dave Brondsema | security, sf-2 | Heith Seewald | 0
7947 | XSS vulnerability in link rewriting | closed | Dave Brondsema | security, sf-2 | Heith Seewald | 0
7942 | In project admin - user permissions, removing a custom group needs to use POST | closed | Dave Brondsema | security, sf-1 | Heith Seewald | 0
7893 | CSRF checks don't work on login | closed | Dave Brondsema | security, sf-2 | Igor Bondarenko | 0
7799 | Changing password should invalidate other sessions | closed | Dave Brondsema | security | Igor Bondarenko | 0