github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-10-19 22:00:15 -04:00
Code Issues Projects Releases Packages Wiki Activity
hedgedoc/public/views/codimd
History
Sheogorath a2522888b2
Remove PDF export 
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
..
body.ejs Add rel="noopener" to target="_blank" links 2018-10-04 01:49:36 +02:00
foot.ejs Update mermaid in CDN 2020-02-10 17:12:31 +00:00
footer.ejs Rename HackMD view to CodiMD 2018-06-24 13:40:18 +02:00
head.ejs Fix urlPath support, let CodiMD be served from a subpath correctly 2019-12-20 12:03:16 +01:00
header.ejs Remove PDF export 2020-02-26 15:05:54 +01:00