captureExceptions are used to report expected exceptions from domain-util.js and
config-util.js.
All files that include logger-util automatically includes sentry for those files
and report unexpected exceptions to sentry.
This PR adds a feature to download file-attachments to "Downloads" folder and shows a
notification when the download is complete. On clicking the notification user can
open the downloaded file with system default app. A user can set/change the download location
from the settings > general.
This PR adds the function that when a user clicks of "Show App Logs" from the menu, open the Downloads folder with a zip file containing all the Logs and User Configs. This will help the user to easily share logs with us.
This commit moves all the configuration(.json) files into a config folder
if the config folder doesn't already exist. It also updates the places
where these files are being accessed with the new address.
This will help us zip the folder easily in the future.
This PR helps to validate custom/self-signed certificates for servers
by saving the certificate file in certificates folder in user's appData folder.
We now use this certificate with the request while validating the server
when adding the organization. This validation of certificate is done by the request module itself.
Fixes: #126.
This PR uses resolveProxy to read system proxy settings and store
them in proper proxy format string using ConfigUtil. It removes the previous
use proxy option and replaces it with use system proxy and manual proxy
options.
Fixes: #296.
For the new servers we are already pushing the realm
details after escaping data but for already saved servers
we should escape the same to avoid any security issue.
There is a bug in v2 of electron which causes
pale colors. Resetting the color profile to srgb
fixes this problem. This is a temporary solution
until electron officially fixes this.
More info - https://github.com/electron/electron/issues/10732.
Fixes: #497.
Now using the `escape-html` module so that we can decode
the realm description properly and escape the html at the
same time. The encodeURIComponent function doesn't
provide this kind of flexibility. We need to decode the
real description properly since we show the same in the
tooltip and setting page.
* dependencies: Upgrade rc to the depth of 5.
This updates rc dependecies, to fix a vulnerability
deep-extend - Prototype Pollution
Refs: https://nodesecurity.io/advisories/612
* dependencies: Upgrade stringstream to the depth of 6.
This solves, 5 vulnerabilities which were using the vulnerable
version of stringstream.
stringstream - Out-of-bounds Read
Refs: https://nodesecurity.io/advisories/664
* gulp: Upgrade gulp to v4.0.0.
This solves, 5 vulnerabilities.
minimatch - Regular Expression Denial of Service
https://nodesecurity.io/advisories/118
lodash - Prototype Pollution
https://nodesecurity.io/advisories/577
* dependencies: Update request to the depth of 6.
This solves 5 vulnerabilities.
stringstream - Out-of-bounds Read
https://nodesecurity.io/advisories/664
This commit fixes a security bug which was caused by
using innerHTML and not doing proper HTML escaping.
Ideally, we should be doing proper HTML escaping for
any data we get from the server to avoid XSS attack.
We already handle realm icon and url very well, the
realm description was not handled previously but this commit
now fixes this in a right way.
