paulmataruso/zulip
1
0
Fork 0
mirror of https://github.com/zulip/zulip.git synced 2025-11-03 05:23:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
2a14aa5180e1b76f5811eca592c5565bb5f8520c
zulip/zerver
History
Anders Kaseorg 20f9293f1f CVE-2022-31017: Fix edit event exposure in protected-history streams. 
When editing an old message in a private stream with protected
history, the server would incorrectly send an API event including the
edited message to all of the stream’s current subscribers, including
those who should not have access to the old message. This API event is
ignored by official clients, so it could only be observed by a user
using a modified client or their browser’s developer tools.

Signed-off-by: Anders Kaseorg <anders@zulip.com>
2022-06-21 13:41:23 -07:00
..
actions
CVE-2022-31017: Fix edit event exposure in protected-history streams.
2022-06-21 13:41:23 -07:00
data_import
typing: Apply trivial fixes to adjust edge cases in typing.
2022-05-30 12:03:51 -07:00
integration_fixtures/nagios
lib
retention: Add docstring info on how archive cleaning works.
2022-06-08 15:12:36 -07:00
management
management: Remove rename_stream.
2022-06-21 12:56:54 -07:00
migrations
typing: Add appropriate none-checks for LOCAL_UPLOADS_DIR.
2022-05-31 09:43:55 -07:00
openapi
api-docs: Add changelog entry for user/stream ID narrow options.
2022-06-01 15:11:26 -07:00
tests
test_tornado: Call process_event on first fetch_events return.
2022-06-08 17:10:38 -07:00
tornado
tornado: Fix race condition on handler._request.
2022-06-08 17:10:38 -07:00
views
typing: Add assertions for authentication.
2022-05-31 09:43:55 -07:00
webhooks
gitlab: Fix event_name -> object_kind defaulting.
2022-06-02 23:23:19 -07:00
worker
message_send: Remove unnecessary user_ids argument.
2022-05-04 14:45:18 -07:00
__init__.py
apps.py
context_processors.py
typing: Apply trivial fixes to adjust edge cases in typing.
2022-05-30 12:03:51 -07:00
decorator.py
puppet: Remove typo'd cron job.
2022-05-16 14:57:21 -07:00
filters.py
forms.py
typing: Add assertions for authentication.
2022-05-31 09:43:55 -07:00
logging_handlers.py
python: Use Python 3.8 typing.{Protocol,TypedDict}.
2022-04-27 12:57:49 -07:00
middleware.py
response: Replace response.asynchronous attribute with new class.
2022-05-27 14:27:34 -07:00
models.py
retention: Add docstring info on how archive cleaning works.
2022-06-08 15:12:36 -07:00
signals.py
django: Use HttpRequest.headers.
2022-05-13 20:42:20 -07:00