Patched slug CVE-2017-16117 by truncating input
parent
6e453ac15c
commit
6925839f9b
|
@ -7,6 +7,7 @@
|
|||
* Improved debugging output
|
||||
* Tried to fix scrollwheel
|
||||
* Fixed security audited npm packages
|
||||
* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
|
||||
|
||||
###### v0.9.0
|
||||
* [#121](https://github.com/Tracman-org/Server/issues/121) Fixed various security holes
|
||||
|
|
|
@ -67,6 +67,7 @@ Tracman will be updated according to [this branching model](http://nvie.com/post
|
|||
* Removed express validator and replaced with homegrown function
|
||||
* Fixed showing welcome message on every login
|
||||
* Removed naked domains
|
||||
* Patched [CVE-2017-16117](https://github.com/dodo/node-slug/issues/82) on [node-slug](https://github.com/dodo/node-slug)
|
||||
|
||||
###### v0.8.x
|
||||
* Hotfixed service worker bugs
|
||||
|
|
|
@ -5,10 +5,13 @@ const mail = require('../mail.js')
|
|||
const User = require('../models.js').user
|
||||
const crypto = require('crypto')
|
||||
const moment = require('moment')
|
||||
const slugify = require('slug')
|
||||
const sanitize = require('mongo-sanitize')
|
||||
const debug = require('debug')('tracman-routes-auth')
|
||||
const env = require('../env/env.js')
|
||||
// Trim slug to patch CVE-2017-16117
|
||||
const slugify = function(s) {
|
||||
return require('slug')(s.slice(0,99))
|
||||
}
|
||||
|
||||
module.exports = (app, passport) => {
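Review bot: The new `slugify` wrapper assumes `s` is a string. `s.slice(0,99)` throws a TypeError for `undefined`, and an array has its own `slice`, so an array value would reach `slug` without the length cap this patch relies on. Whether a route can pass a non-string depends on request parsing outside the hunk, so the wrapper is the safe place for the check: `if (typeof s !== 'string') throw new TypeError('slug input must be a string')` before the `return`. The identical wrappers named `slug` in the two later route files have the same gap.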
|
||||
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
'use strict'
|
||||
|
||||
const router = require('express').Router()
|
||||
const slug = require('slug')
|
||||
const xss = require('xss')
|
||||
const User = require('../models.js').user
|
||||
// Trim slug to patch CVE-2017-16117
|
||||
const slug = function(s) {
|
||||
return require('slug')(s.slice(0,99))
|
||||
}
|
||||
|
||||
module.exports = router
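Review bot: The capped wrapper is copied verbatim here, in the auth routes and in the settings routes, each with its own literal `99` and a `require('slug')` call inside the function body. Because each copy takes the package's name (`slug`/`slugify`), nothing at a call site shows whether the capped or the raw function is in use, and a future file that requires `slug` directly skips the mitigation. Keeping one shared helper module, with the limit as a named constant and the package required once at the top, e.g. `const MAX_SLUG_INPUT = 99` and `module.exports = (s) => rawSlug(s.slice(0, MAX_SLUG_INPUT))`, puts the CVE workaround in a single auditable place.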
|
||||
|
||||
|
|
|
@ -1,14 +1,16 @@
|
|||
'use strict'
|
||||
|
||||
const slug = require('slug')
|
||||
const xss = require('xss')
|
||||
const mw = require('../middleware.js')
|
||||
const User = require('../models.js').user
|
||||
const mail = require('../mail.js')
|
||||
const env = require('../env/env.js')
|
||||
const sanitize = require('mongo-sanitize')
|
||||
const debug = require('debug')('tracman-routes-settings')
|
||||
const router = require('express').Router()
|
||||
// Trim slug to patch CVE-2017-16117
|
||||
const slug = function(s) {
|
||||
return require('slug')(s.slice(0,99))
|
||||
}
|
||||
|
||||
// Settings form
|
||||
router.route('/')
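Review bot: The comment `// Trim slug to patch CVE-2017-16117` does not say why 99 was chosen or that this is a workaround rather than a fix. The truncation only bounds how much input the vulnerable pattern in `slug` sees (the CVE is a regular-expression denial of service), and the package itself appears unchanged in this commit. I would expand it to something like `// Mitigation for CVE-2017-16117 (ReDoS in slug): cap input at 99 chars so matching time stays bounded; drop this once slug is upgraded to a fixed release.` Truncation is also silent, so two long inputs sharing their first 99 characters yield the same slug. Whether that matters depends on uniqueness checks outside this hunk, but it deserves a line in the comment.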
|
||||
|
|