github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-22 09:46:30 -05:00
Code Issues Projects Releases Packages Wiki Activity
hedgedoc/public
History
Sheogorath a2522888b2
Remove PDF export 
As we already decleared in earlier versions, this patch removes PDF
export entirely. It's a not acceptable security risk for every CodiMD
instance.

The current implementation allowed to extract arbitary files from the
CodiMD host and therefore leaking secrets from a `/etc/passwd` to
CodiMD's own config files and all secrets contained in it.

Thanks to Joona for finding this vulnerability in August last year,
which lead to an emergency disabling of PDF exports in 1.5.0.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2020-02-26 15:05:54 +01:00
..
css Fix font path when useCND is false and urlPath is used 2020-01-15 16:32:55 +01:00
docs Remove mattermost integration 2020-02-25 14:33:30 +01:00
fonts Remove uesless executable permission for static files 2016-11-14 21:13:02 +08:00
js Remove PDF export 2020-02-26 15:05:54 +01:00
uploads upload image to public/uploads 2016-11-14 16:45:57 +08:00
vendor Fix toolbar day mode 2019-05-12 20:15:46 +02:00
views Remove PDF export 2020-02-26 15:05:54 +01:00
.eslintrc.js switching to eslint for code checking 2018-11-14 23:15:36 +01:00
apple-touch-icon.png optimize png images using zopflipng 2016-10-10 00:53:54 +08:00
codimd-icon-1024.png Rebrand HackMD to CodiMD 2018-06-24 13:24:12 +02:00
default.md Removed unused note and set empty on default note, updated features note 2016-01-17 09:57:25 -06:00
favicon.png optimize png images using zopflipng 2016-10-10 00:53:54 +08:00
screenshot.png Add new screenshot 2019-04-01 23:19:02 +02:00