vikunja/pkg
kolaente 39da47e435 fix: detect and fail on oversized zip entries instead of silent truncation
Replace io.LimitReader with a new readZipEntry helper that reads one extra
byte to detect when content exceeds maxZipEntrySize (500MB). This prevents
silent data corruption where partial file bytes would be stored as if the
upload succeeded.

The import now fails with ErrFileTooLarge instead of accepting truncated
content for attachments and background blobs.
2026-02-25 13:01:00 +01:00
..
caldav fix(caldav): do not assume the first element is the VTODO component 2025-12-13 15:30:22 +01:00
cmd feat(cli): reorganize repair commands under unified 'vikunja repair' parent (#2300) 2026-02-25 11:50:09 +00:00
config refactor: remove typesense support 2026-02-25 12:15:28 +01:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db fix(db): validate table names and quote identifiers in raw SQL 2026-02-25 13:01:00 +01:00
doctor refactor: remove typesense support 2026-02-25 12:15:28 +01:00
events fix(events): only trigger task.updated once when marking task done 2025-11-16 11:01:15 +01:00
files feat(cli): reorganize repair commands under unified 'vikunja repair' parent (#2300) 2026-02-25 11:50:09 +00:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-02-21 01:09:54 +00:00
initialize refactor: remove typesense support 2026-02-25 12:15:28 +01:00
log fix(log): write each log category to its own file (#2206) 2026-02-08 15:22:58 +00:00
mail fix(mail): disable queue when mailer disabled (#2069) 2026-01-08 15:51:31 +01:00
metrics fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
migration refactor: remove typesense support 2026-02-25 12:15:28 +01:00
models fix(auth): use checked type assertions for all JWT claims 2026-02-25 13:01:00 +01:00
modules fix: detect and fail on oversized zip entries instead of silent truncation 2026-02-25 13:01:00 +01:00
notifications fix: isolate deletion notifications into per-user transactions 2026-02-25 11:03:02 +01:00
plugins fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes fix(auth): use checked type assertions for all JWT claims 2026-02-25 13:01:00 +01:00
swagger [skip ci] Updated swagger docs 2026-02-25 09:39:04 +00:00
user fix: address review comments on session lifecycle 2026-02-25 11:03:02 +01:00
utils refactor(utils): extract ContainsPathTraversal to shared utils package 2026-02-25 13:01:00 +01:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
webtests test: add session lifecycle tests 2026-02-25 10:30:25 +01:00