vikunja/pkg
kolaente 33389bb0b3 test(migration): regression test for forged attachment size
Builds an in-memory export zip with a 2 MB payload and a data.json
that claims size: 0, then asserts neither the honest 2 MB row nor
the forged 0-size row ends up in the files table. Covers
GHSA-qh78-rvg3-cv54.
2026-04-09 16:22:56 +00:00
..
caldav fix(caldav): escape user-controlled strings per RFC 5545 in VCALENDAR output 2026-04-09 15:44:04 +00:00
caldavtests fix(caldav): skip tests for known CalDAV bugs and fix timing issues 2026-04-02 11:34:55 +00:00
cmd refactor(user): export IsErrUserStatusError for use across packages 2026-03-23 12:06:16 +00:00
config fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db fix(labels): derive label max permission from accessible tasks only 2026-04-09 15:43:04 +00:00
doctor feat(auth): enforce OpenID Connect issuer uniqueness across providers 2026-03-30 22:41:50 +00:00
e2etests test(webhook): assert bad webhook is retried in no-duplicate test 2026-04-09 09:26:04 +00:00
events feat: add InitEventsForTesting and Unfake for real event dispatch in tests 2026-03-05 12:49:27 +01:00
files fix(files): derive file size from reader at creation boundary 2026-04-09 16:22:56 +00:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-04-08 01:25:14 +00:00
initialize feat(websocket): add HTTP upgrade handler and /api/v1/ws route 2026-04-02 16:30:23 +00:00
log fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests 2026-04-03 18:30:39 +00:00
mail fix(mail): guard log calls in GetMailDomain and fix hostname-dependent tests 2026-04-03 18:30:39 +00:00
metrics fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
migration feat: add OAuth 2.0 authorization code model and migration 2026-03-27 23:05:04 +00:00
models refactor(files): derive attachment size from content in sibling callers 2026-04-09 16:22:56 +00:00
modules test(migration): regression test for forged attachment size 2026-04-09 16:22:56 +00:00
notifications fix(notifications): escape markdown in user-controlled strings in email lines 2026-04-09 15:44:04 +00:00
plugins test(plugins): add yaegi plugin integration tests 2026-03-30 20:44:46 +00:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes fix(security): persist TOTP lockout across login rollback 2026-04-09 16:08:26 +00:00
swagger [skip ci] Updated swagger docs 2026-04-07 15:45:50 +00:00
user test(user): cover TOTP lockout persistence and password-reset unlock 2026-04-09 16:08:26 +00:00
utils fix: add timeouts to Gravatar, Unsplash, and SSRF-safe HTTP clients 2026-04-09 07:31:08 +00:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web feat(handlers): dispatch pending events after transaction commit 2026-03-03 12:46:34 +01:00
websocket feat(websocket): add notification event with XORM AfterInsert dispatch 2026-04-02 16:30:23 +00:00
webtests test(webtests): add end-to-end TOTP lockout test 2026-04-09 16:08:26 +00:00
yaegi_symbols test(plugins): add yaegi plugin integration tests 2026-03-30 20:44:46 +00:00