Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
18 check-ins related to "sec2020-2.12-patch"
|
2020-08-20
| ||
| 13:01 | 2.12.1 release candidate with security fixes. check-in: 40feec3291 user: drh tags: branch-2.12 | |
| 00:04 | Report the use of FOSSIL_LEGACY_ALLOW_SYMLINKS in the output "fossil version -v". Closed-Leaf check-in: 89d950efd0 user: drh tags: sec2020-2.12-patch | |
|
2020-08-19
| ||
| 21:08 | The allow-symlinks setting is disabled by default and is not versionable, unless Fossil is compiled with the FOSSIL_LEGACY_ALLOW_SYMLINKS flag, in which case it follows the historic behavior. check-in: cdc90f0c3b user: drh tags: sec2020-2.12-patch | |
| 12:58 | Merge additional symlink fixes. Back out comment-only changes from url.c. check-in: 0ea17c2b11 user: drh tags: sec2020-2.12-patch | |
| 12:26 | Fix harmless compiler warnings. check-in: feef827504 user: drh tags: sec2020 | |
| 12:22 | Additional defenses against doing "fossil add" of files that are beneath symlinks. check-in: 928b023cb7 user: drh tags: sec2020 | |
| 12:08 | Improved detection of attempts to write through a symlink. Now also works for "revert", "stash", and "undo/redo". check-in: f63297b2c5 user: drh tags: sec2020 | |
| 01:07 | Cherrypick key fixes from the sec2020 branch in order to devise a minimal patch to get us to version 2.12.1. check-in: fe1264d35d user: drh tags: sec2020-2.12-patch | |
| 00:15 | Do not allow the "fossil add" command to add files beneath a symlink. check-in: a6abfb911b user: drh tags: sec2020 | |
|
2020-08-18
| ||
| 23:39 | An alternative method for dealing with historical files named "_FOSSIL_" in the tree: Simply pretend they are not there. Closed-Leaf check-in: 8f24c07917 user: drh tags: ignore-reserved-filenames | |
| 21:03 | Cherrypick [d2d8894bb2]: fossil.storage.clear() is now also sandboxed - no longer nuking all state for all repos on the same origin. check-in: d0988e677c user: stephan tags: branch-2.12 | |
| 20:58 | Silently refuse to "fossil add" files that use reserved names. check-in: 888da94e0a user: drh tags: sec2020 | |
| 20:19 | Improved error message and response when trying to manifest a check-out that contains a file beneath a symbolic link directory. check-in: 20d90dd482 user: drh tags: sec2020 | |
| 12:17 | When writing files to disk for a check-out, refuse to write through a symbolic link to a directory. Ticket [f9831fdef1d4edcc]. check-in: a64e384f0c user: drh tags: sec2020 | |
|
2020-08-17
| ||
| 22:22 | Fixes for reserved names case sensitivity, coding style adjustments, more tests. check-in: fde20bc03c user: mistachkin tags: sec2020 | |
| 18:20 | Merge in reject-ckout-db branch. check-in: 8c16884aa2 user: stephan tags: sec2020 | |
| 14:09 | Set an authorizer when running the ticket-table SQL. Ticket [56b82836ffba9952]. check-in: fb41384045 user: drh tags: sec2020 | |
| 09:16 | Prohibit redirects from HTTP or HTTPS over to SSH or FILE. Fix for ticket [61613b0a9cf843b6]. check-in: 253dbd15e2 user: drh tags: sec2020 | |