@ -7,6 +7,7 @@
* Improved debugging output
* Tried to fix scrollwheel
* Fixed security audited npm packages
* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
###### v0.9.0
* [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
@ -67,6 +67,7 @@ Tracman will be updated according to [this branching model](http://nvie.com/post
* Removed express validator and replaced with homegrown function
* Fixed showing welcome message on every login
* Removed naked domains
###### v0.8.x
* Hotfixed service worker bugs
@ -5,10 +5,13 @@ const mail = require('../mail.js')
const User = require('../models.js').user
const crypto = require('crypto')
const moment = require('moment')
const slugify = require('slug')
const sanitize = require('mongo-sanitize')
const debug = require('debug')('tracman-routes-auth')
const env = require('../env/env.js')
// Trim slug to patch CVE-2017-16117
const slugify = function(s) {
return require('slug')(s.slice(0,99))
}
module.exports = (app, passport) => {
@ -1,9 +1,12 @@
'use strict'
const router = require('express').Router()
const slug = require('slug')
const xss = require('xss')
const slug = function(s) {
module.exports = router
@ -1,14 +1,16 @@
const mw = require('../middleware.js')
const mail = require('../mail.js')
const debug = require('debug')('tracman-routes-settings')
// Settings form
router.route('/')