discourse/config
Natalie Tay 188cb58daa
SECURITY: Fixes for main (#28137)
* SECURITY: Update default allowed iframes list

Change the default iframe url list to all include 3 slashes.

* SECURITY: limit group tag's name length

Limit the size of a group tag's name to 100 characters.

Internal ref - t/130059

* SECURITY: Improve sanitization of SVGs in Onebox

---------

Co-authored-by: Blake Erickson <o.blakeerickson@gmail.com>
Co-authored-by: Régis Hanol <regis@hanol.fr>
Co-authored-by: David Taylor <david@taylorhq.com>
2024-07-30 14:19:01 +08:00
environments DEV: Recover @timestamp in unicorn logs when logstash logger is enabled (#28008) 2024-07-22 15:21:41 +08:00
initializers FEATURE: use new site setting for onebox custom user agent. (#28045) 2024-07-24 04:45:30 +05:30
locales SECURITY: Fixes for main (#28137) 2024-07-30 14:19:01 +08:00
application.rb DEV: Upgrade Rails to version 7.1 2024-07-04 10:58:21 +02:00
boot.rb PERF: Stop running bootsnap in development mode on all environments (#25737) 2024-02-19 11:33:52 +08:00
cdn.yml.sample
database.yml DEV: Fix checkout time not properly enabled on CI (#25621) 2024-02-09 06:02:42 +08:00
deploy.rb.sample
dev_defaults.yml
discourse.config.sample
discourse.pill.sample
discourse_defaults.conf DEV: Add ability to log a warning when Sidekiq job runs for too long (#27446) 2024-06-13 14:24:44 +08:00
environment.rb
logrotate.conf
multisite.yml.production-sample
nginx.global.conf
nginx.sample.conf
projections.json
puma.rb
routes.rb DEV: Move config area site setting fetch into new controller (#28136) 2024-07-30 15:41:28 +10:00
sidekiq.yml
site_settings.yml SECURITY: Fixes for main (#28137) 2024-07-30 14:19:01 +08:00
spring.rb
thin.yml.sample
unicorn.conf.rb DEV: Recover @timestamp in unicorn logs when logstash logger is enabled (#28008) 2024-07-22 15:21:41 +08:00
unicorn_launcher
unicorn_upstart.conf