mirror of
https://forgejo.ellis.link/continuwuation/continuwuity.git
synced 2025-09-12 07:02:58 +02:00
Compare commits
30 commits
7f5150acdc
...
f5655ea0d5
| Author | SHA1 | Date | |
|---|---|---|---|
|
f5655ea0d5 | ||
|
|
8b5cdb1471 | ||
|
|
88d68d148f | ||
|
|
c013d06e7b | ||
|
|
b66154b05d | ||
|
|
d54d2fdedc | ||
|
|
3fe99fbfe7 | ||
|
51185daca2 |
||
|
|
6e438c8448 |
||
|
|
2a66f81040 | ||
|
|
712c8f4f89 | ||
|
|
afbb1b52ed | ||
|
|
e6aae8a994 |
||
|
|
cfff12190e |
||
|
|
5ea42418f7 |
||
|
|
3ebac17291 |
||
|
|
b44211c03e |
||
|
|
f7bdfdb5e5 | ||
|
|
e9d103e3de | ||
|
|
911345fd2c | ||
|
|
463e367d7b | ||
|
cb15ac3c01 | ||
|
|
bad37eaf0d | ||
|
|
3bb5710356 | ||
|
|
64519ac672 | ||
|
|
24cd34ee98 |
||
|
|
eda20ac4f5 |
||
|
74cf5445cc |
||
|
|
980e2bb8d5 |
||
|
|
490a5d087e |
4 changed files with 6 additions and 15 deletions
|
|
@ -180,7 +180,7 @@ jobs:
|
||||||
file: "docker/Dockerfile"
|
file: "docker/Dockerfile"
|
||||||
build-args: |
|
build-args: |
|
||||||
GIT_COMMIT_HASH=${{ github.sha }})
|
GIT_COMMIT_HASH=${{ github.sha }})
|
||||||
GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
|
GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }})
|
||||||
GIT_REMOTE_URL=${{github.event.repository.html_url }}
|
GIT_REMOTE_URL=${{github.event.repository.html_url }}
|
||||||
GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
|
GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
|
||||||
platforms: ${{ matrix.platform }}
|
platforms: ${{ matrix.platform }}
|
||||||
|
|
|
||||||
|
|
@ -20,10 +20,10 @@ We may backport fixes to the previous release at our discretion, but we don't gu
|
||||||
|
|
||||||
We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
|
We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
|
||||||
|
|
||||||
1. **Contact members of the team directly** over E2EE private message.
|
1. Contact members of the team over E2EE private message.
|
||||||
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
|
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
|
||||||
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
|
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
|
||||||
2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
|
2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
|
||||||
3. **Do not disclose the vulnerability publicly** until it has been addressed
|
3. **Do not disclose the vulnerability publicly** until it has been addressed
|
||||||
4. **Provide detailed information** about the vulnerability, including:
|
4. **Provide detailed information** about the vulnerability, including:
|
||||||
- A clear description of the issue
|
- A clear description of the issue
|
||||||
|
|
@ -48,7 +48,7 @@ When you report a security vulnerability:
|
||||||
|
|
||||||
When security vulnerabilities are identified:
|
When security vulnerabilities are identified:
|
||||||
|
|
||||||
1. We will develop and test fixes in a private fork
|
1. We will develop and test fixes in a private branch
|
||||||
2. Security updates will be released as soon as possible
|
2. Security updates will be released as soon as possible
|
||||||
3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
|
3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
|
||||||
4. Critical security updates may be backported to the previous stable release
|
4. Critical security updates may be backported to the previous stable release
|
||||||
|
|
|
||||||
|
|
@ -125,13 +125,13 @@ pub(super) enum DebugCommand {
|
||||||
reset: bool,
|
reset: bool,
|
||||||
},
|
},
|
||||||
|
|
||||||
/// - Sign JSON blob
|
/// - Verify json signatures
|
||||||
///
|
///
|
||||||
/// This command needs a JSON blob provided in a Markdown code block below
|
/// This command needs a JSON blob provided in a Markdown code block below
|
||||||
/// the command.
|
/// the command.
|
||||||
SignJson,
|
SignJson,
|
||||||
|
|
||||||
/// - Verify JSON signatures
|
/// - Verify json signatures
|
||||||
///
|
///
|
||||||
/// This command needs a JSON blob provided in a Markdown code block below
|
/// This command needs a JSON blob provided in a Markdown code block below
|
||||||
/// the command.
|
/// the command.
|
||||||
|
|
|
||||||
|
|
@ -219,15 +219,6 @@ pub fn check(config: &Config) -> Result {
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check if support contact information is configured
|
|
||||||
if config.well_known.support_email.is_none() && config.well_known.support_mxid.is_none() {
|
|
||||||
warn!(
|
|
||||||
"No support contact information (support_email or support_mxid) is configured in \
|
|
||||||
the well_known section. Users in the admin room will be automatically listed as \
|
|
||||||
support contacts in the /.well-known/matrix/support endpoint."
|
|
||||||
);
|
|
||||||
}
|
|
||||||
|
|
||||||
if config
|
if config
|
||||||
.url_preview_domain_contains_allowlist
|
.url_preview_domain_contains_allowlist
|
||||||
.contains(&"*".to_owned())
|
.contains(&"*".to_owned())
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue