Stowage/rest-server
2
0
Fork 0
mirror of https://github.com/restic/rest-server.git synced 2025-10-19 15:43:21 +00:00
Code Issues Projects Releases Packages Wiki Activity
282 commits 6 branches 14 tags 6.6 MiB
Commit graph

9 commits

Author SHA1 Message Date
Juergen Hoetzel
33c41b55bb Security: Prevent loading of usernames containing a slash 
"/" is valid char in HTTP authorization headers, but is also used in
rest-server to map usernames to private repos.

This commit prevents loading maliciously composed usernames like
"/foo/config" by restricting the allowed characters to the unicode
character class, numbers, "-", "." and "@".

Closes #131
 2020-12-28 11:30:00 +01:00
Alexander Neumann
d4b929ef35 Move changelog files for 0.10.0 2020-09-13 11:24:26 +02:00
Alexander Neumann
1488830de1 Add entry to changelog 2020-09-13 11:19:26 +02:00
Alexander Neumann
c69d473fa5 Add changelog 2020-04-04 21:13:07 +02:00
Leo R. Lundgren
6ebedcc0b2 Add .gitkeep to persist changelog/unreleased/ when empty. 2019-12-18 23:14:09 +01:00
Alexander Neumann
7dd5483ea3 Merge pull request #64 from restic/fix-append-only 
Security: Refuse overwriting the config file in append-only mode
 2018-04-02 13:25:46 +02:00
Alexander Neumann
0f4f747b74 Add entry to changelog 2018-04-02 13:09:37 +02:00
Alexander Neumann
9d6316bd6e Add pull request URL 2018-03-24 17:41:54 +01:00
Alexander Neumann
897d5a026c Add changelog generated by calens 
Closes #44
 2018-03-24 17:40:49 +01:00