github-starred/vikunja
2
0
Fork 0
mirror of https://github.com/go-vikunja/vikunja.git synced 2026-05-10 15:15:41 -05:00
Code Issues 690 Packages Projects Releases 11 Wiki Activity
Files
b6dc0096af3b42ceda9408a1209e8613b2794e4d
vikunja/pkg
History
kolaente b6dc0096af test(project): add regression tests for reparent privilege escalation 
Covers GHSA-2vq4-854f-5c72 / CVE-2026-35595: attackers with direct or
inherited Write on a project must not be able to reparent it under their
own tree nor detach it to root. Also pins the legitimate rename-with-Write
and owner-detach flows so the upcoming fix does not regress them.
2026-04-09 16:47:35 +00:00
..
caldav
fix(caldav): escape user-controlled strings per RFC 5545 in VCALENDAR output
2026-04-09 15:44:04 +00:00
caldavtests
fix(caldav): skip tests for known CalDAV bugs and fix timing issues
2026-04-02 11:34:55 +00:00
cmd
config
fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients
2026-04-09 07:31:08 +00:00
cron
db
test(fixtures): add child project for reparent escalation tests
2026-04-09 16:47:35 +00:00
doctor
feat(auth): enforce OpenID Connect issuer uniqueness across providers
2026-03-30 22:41:50 +00:00
e2etests
test(webhook): assert bad webhook is retried in no-duplicate test
2026-04-09 09:26:04 +00:00
events
files
fix(files): derive file size from reader at creation boundary
2026-04-09 16:22:56 +00:00
health
i18n
chore(i18n): update translations via Crowdin
2026-04-08 01:25:14 +00:00
initialize
feat(websocket): add HTTP upgrade handler and /api/v1/ws route
2026-04-02 16:30:23 +00:00
log
fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests
2026-04-03 18:30:39 +00:00
mail
fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests
2026-04-03 18:30:39 +00:00
metrics
migration
models
test(project): add regression tests for reparent privilege escalation
2026-04-09 16:47:35 +00:00
modules
test(todoist): serve attachment from local test server
2026-04-09 16:22:56 +00:00
notifications
fix(notifications): escape markdown in user-controlled strings in email lines
2026-04-09 15:44:04 +00:00
plugins
test(plugins): add yaegi plugin integration tests
2026-03-30 20:44:46 +00:00
red
routes
fix(security): persist TOTP lockout across login rollback
2026-04-09 16:08:26 +00:00
swagger
[skip ci] Updated swagger docs
2026-04-07 15:45:50 +00:00
user
test(user): cover TOTP lockout persistence and password-reset unlock
2026-04-09 16:08:26 +00:00
utils
fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients
2026-04-09 07:31:08 +00:00
version
web
websocket
feat(websocket): add notification event with XORM AfterInsert dispatch
2026-04-02 16:30:23 +00:00
webtests
test(webtests): add end-to-end TOTP lockout test
2026-04-09 16:08:26 +00:00
yaegi_symbols
test(plugins): add yaegi plugin integration tests
2026-03-30 20:44:46 +00:00