TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-21 09:52:06 +03:00
Code Issues Projects Releases Wiki Activity
92533b2de7
Ghost/test
History
Daniel Lockyer 93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport 
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
..
api-acceptance Removed method complexity in integrations API controller 2021-09-16 14:23:48 +03:00
frontend-acceptance Added /email/ route to robots.txt 2021-08-10 13:45:53 +04:00
regression Added temporary database table for analytic events (#13312) 2021-09-17 11:15:21 +02:00
unit 🔒 Fixed remote command injection when using sendmail email transport 2021-09-17 16:46:51 +01:00
utils Added Members bulk actions endpoint 2021-08-23 16:38:21 +02:00
.eslintignore Move tests from core to root (#11700) 2020-03-30 16:26:47 +01:00
.eslintrc.js Upgraded no-skipped-test rule to error 2021-05-26 14:57:43 +01:00
.jshintrc Move tests from core to root (#11700) 2020-03-30 16:26:47 +01:00