mirror of
https://forgejo.ellis.link/continuwuation/continuwuity.git
synced 2025-07-06 18:06:11 +02:00
Compare commits
32 commits
f5655ea0d5
...
7f5150acdc
Author | SHA1 | Date | |
---|---|---|---|
|
7f5150acdc | ||
|
964b0f253b | ||
|
9d627dbaa1 | ||
|
2e10df716f | ||
|
b316bba0d9 | ||
|
a96f7afe71 | ||
|
d7dcffbd4a | ||
|
104ba42840 | ||
|
b0e077a393 | ||
|
9eccb491ca | ||
|
5abb4c9545 | ||
|
3097390f20 | ||
|
1c207afeaf | ||
|
f49bc6096a | ||
|
bc1f567d68 | ||
|
04d3ef76a0 | ||
|
64459f0032 | ||
|
91c850b5b2 | ||
|
06de58b0e8 | ||
|
a52d63869e | ||
|
493a4d3b0b | ||
|
2d0a120890 | ||
|
903e3431df | ||
|
00cbf9536c | ||
|
c62e24663f | ||
|
5a861d406a | ||
|
db50adc000 | ||
|
6c11e59c4a | ||
|
5d44653e3a | ||
|
44e60d0ea6 | ||
|
d7514178ab | ||
|
1d45e0b68c |
4 changed files with 15 additions and 6 deletions
|
@ -180,7 +180,7 @@ jobs:
|
|||
file: "docker/Dockerfile"
|
||||
build-args: |
|
||||
GIT_COMMIT_HASH=${{ github.sha }})
|
||||
GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }})
|
||||
GIT_COMMIT_HASH_SHORT=${{ env.COMMIT_SHORT_SHA }}
|
||||
GIT_REMOTE_URL=${{github.event.repository.html_url }}
|
||||
GIT_REMOTE_COMMIT_URL=${{github.event.head_commit.url }}
|
||||
platforms: ${{ matrix.platform }}
|
||||
|
|
|
@ -20,10 +20,10 @@ We may backport fixes to the previous release at our discretion, but we don't gu
|
|||
|
||||
We appreciate the efforts of security researchers and the community in identifying and reporting vulnerabilities. To ensure that potential vulnerabilities are addressed properly, please follow these guidelines:
|
||||
|
||||
1. Contact members of the team over E2EE private message.
|
||||
1. **Contact members of the team directly** over E2EE private message.
|
||||
- [@jade:ellis.link](https://matrix.to/#/@jade:ellis.link)
|
||||
- [@nex:nexy7574.co.uk](https://matrix.to/#/@nex:nexy7574.co.uk) <!-- ? -->
|
||||
2. **Email the security team** directly at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
|
||||
2. **Email the security team** at [security@continuwuity.org](mailto:security@continuwuity.org). This is not E2EE, so don't include sensitive details.
|
||||
3. **Do not disclose the vulnerability publicly** until it has been addressed
|
||||
4. **Provide detailed information** about the vulnerability, including:
|
||||
- A clear description of the issue
|
||||
|
@ -48,7 +48,7 @@ When you report a security vulnerability:
|
|||
|
||||
When security vulnerabilities are identified:
|
||||
|
||||
1. We will develop and test fixes in a private branch
|
||||
1. We will develop and test fixes in a private fork
|
||||
2. Security updates will be released as soon as possible
|
||||
3. Release notes will include information about the vulnerabilities, avoiding details that could facilitate exploitation where possible
|
||||
4. Critical security updates may be backported to the previous stable release
|
||||
|
|
|
@ -125,13 +125,13 @@ pub(super) enum DebugCommand {
|
|||
reset: bool,
|
||||
},
|
||||
|
||||
/// - Verify json signatures
|
||||
/// - Sign JSON blob
|
||||
///
|
||||
/// This command needs a JSON blob provided in a Markdown code block below
|
||||
/// the command.
|
||||
SignJson,
|
||||
|
||||
/// - Verify json signatures
|
||||
/// - Verify JSON signatures
|
||||
///
|
||||
/// This command needs a JSON blob provided in a Markdown code block below
|
||||
/// the command.
|
||||
|
|
|
@ -219,6 +219,15 @@ pub fn check(config: &Config) -> Result {
|
|||
));
|
||||
}
|
||||
|
||||
// Check if support contact information is configured
|
||||
if config.well_known.support_email.is_none() && config.well_known.support_mxid.is_none() {
|
||||
warn!(
|
||||
"No support contact information (support_email or support_mxid) is configured in \
|
||||
the well_known section. Users in the admin room will be automatically listed as \
|
||||
support contacts in the /.well-known/matrix/support endpoint."
|
||||
);
|
||||
}
|
||||
|
||||
if config
|
||||
.url_preview_domain_contains_allowlist
|
||||
.contains(&"*".to_owned())
|
||||
|
|
Loading…
Add table
Reference in a new issue