[PR #4737] [MERGED] Update admin interface #16330

Closed
opened 2026-04-23 07:48:33 -05:00 by GiteaMirror · 0 comments

📋 Pull Request Information

Original PR: https://github.com/dani-garcia/vaultwarden/pull/4737
Author: @BlackDex
Created: 7/11/2024
Status: Merged
Merged: 7/12/2024
Merged by: @dani-garcia

Base: main ← Head: admin-fixes


📝 Commits (1)

  • d756837 Update admin interface (https://github.com/dani-garcia/vaultwarden/commit/d7568371c5e00f19aa5925d68db751cbfb08d9a2)
📊 Changes

11 files changed (+95 additions, -67 deletions)


📝 src/api/admin.rs (+9 -3)
📝 src/auth.rs (+30 -2)
📝 src/config.rs (+0 -27)
📝 src/static/scripts/admin.js (+2 -2)
📝 src/static/scripts/admin_diagnostics.js (+5 -5)
📝 src/static/scripts/admin_settings.js (+1 -1)
📝 src/static/scripts/admin_users.js (+4 -2)
📝 src/static/scripts/datatables.css (+2 -2)
📝 src/static/scripts/datatables.js (+35 -18)
📝 src/static/templates/admin/organizations.hbs (+1 -1)
📝 src/static/templates/admin/users.hbs (+6 -4)

📄 Description

  • Updated datatables
  • Set Cookie Secure flag if the connection is https
  • Prevent possible XSS via Organization Name
    Converted all innerHTML and innerText to the Safe Sink version textContent
  • Removed jsesc function as handlebars escapes all these chars already and more by default

Fixes: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-39926


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

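The two server-side points in the description (a Secure cookie only on HTTPS, and relying on template escaping rather than a hand-rolled jsesc) can be shown in a few lines of Rust. The block below is an added example written for this page; it is not code from the vaultwarden PR. The cookie name, path, SameSite value and max-age are assumptions chosen for illustration, and the escape set is modelled on handlebars' default `{{ }}` escaping (`& < > " ' ` =`); the DOM-side change (`innerHTML` to `textContent`) has no equivalent here and is only a browser concern.

```rust
/// Scheme the request arrived on, as the server determines it.
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Scheme {
    Http,
    Https,
}

/// Build the Set-Cookie header value for an admin session cookie.
/// `Secure` is added only when the request came in over HTTPS: a browser
/// drops a Secure cookie that was set over plain http, which would lock
/// admins out of installs that deliberately run without TLS.
/// (Cookie name, path, SameSite and max-age here are example choices.)
pub fn admin_cookie_header(name: &str, value: &str, scheme: Scheme, max_age_secs: u64) -> String {
    let mut header = format!(
        "{name}={value}; Path=/admin; HttpOnly; SameSite=Strict; Max-Age={max_age_secs}"
    );
    if scheme == Scheme::Https {
        header.push_str("; Secure");
    }
    header
}

/// HTML-escape a value the way a handlebars `{{ }}` expression does.
/// Besides the usual & < > " it also escapes ' ` and =, so an attribute
/// injected without quotes (`src=x onerror=...`) is neutralised too.
pub fn html_escape(s: &str) -> String {
    let mut out = String::with_capacity(s.len());
    for c in s.chars() {
        match c {
            '&' => out.push_str("&amp;"),
            '<' => out.push_str("&lt;"),
            '>' => out.push_str("&gt;"),
            '"' => out.push_str("&quot;"),
            '\'' => out.push_str("&#x27;"),
            '`' => out.push_str("&#x60;"),
            '=' => out.push_str("&#x3D;"),
            _ => out.push(c),
        }
    }
    out
}

/// Render one table cell for an organization name: `escape = true` models
/// `{{name}}` (escaped output), `escape = false` models `{{{name}}}` (raw).
pub fn org_cell(name: &str, escape: bool) -> String {
    let body = if escape { html_escape(name) } else { name.to_string() };
    format!("<td>{body}</td>")
}

fn main() {
    // Constructed organization name carrying an XSS payload (example data).
    let evil = "Acme\" <img src=x onerror=alert(document.cookie)>";
    println!("raw:     {}", org_cell(evil, false));
    println!("escaped: {}", org_cell(evil, true));
    println!("http:  {}", admin_cookie_header("VW_ADMIN", "tok", Scheme::Http, 1200));
    println!("https: {}", admin_cookie_header("VW_ADMIN", "tok", Scheme::Https, 1200));
}
```

One caveat when applying the cookie rule: behind a TLS-terminating reverse proxy the application itself sees plain HTTP, so whatever decides `Scheme` has to take the proxy's forwarded-scheme header into account (and only from a trusted proxy), otherwise the flag is never set on exactly the deployments that could use it.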
GiteaMirror added the pull-request label 2026-04-23 07:48:33 -05:00
Reference: github-starred/vaultwarden#16330