TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-22 02:11:44 +03:00
Code Issues Projects Releases Wiki Activity
ee67df704e
Ghost/test/unit
History
Daniel Lockyer 93e4b2eafd 🔒 Fixed remote command injection when using sendmail email transport 
refs https://github.com/TryGhost/Ghost/security/advisories/GHSA-wfrj-qqc2-83cm
refs https://github.com/advisories/GHSA-48ww-j4fc-435p

- a vulnerability in `nodemailer` means that the `sendmail` transport is
  vulnerable to command injection for flags passed to the `sendmail`
  binary
- updating to the latest version of Nodemailer required creating
  `@tryghost/nodemailer`, which is a wrapper around Nodemailer and
  several plugins that used to be in the core
- this commit switches to using that package, and fixes up some small
  code + test changes
2021-09-17 16:46:51 +01:00
..
adapters Refactored scheduling default test to use nock 2021-07-15 14:07:11 +04:00
api Fixed failing unit test 2021-08-13 10:22:11 +04:00
apps Renamed tests to .test.js & updated commands 2021-07-06 20:45:01 +01:00
data Added temporary database table for analytic events (#13312) 2021-09-17 11:15:21 +02:00
helpers Fixed logic bugs in match helper (#13315) 2021-09-17 09:47:10 +01:00
lib Blocked 0.* IP addresses when making oembed requests 2021-09-14 11:35:14 +01:00
meta Renamed tests to .test.js & updated commands 2021-07-06 20:45:01 +01:00
models Fixed settings tests due to Bookshelf update 2021-09-10 16:59:11 +01:00
server Renamed tests to .test.js & updated commands 2021-07-06 20:45:01 +01:00
services 🔒 Fixed remote command injection when using sendmail email transport 2021-09-17 16:46:51 +01:00
shared Renamed tests to .test.js & updated commands 2021-07-06 20:45:01 +01:00
web Fixed error when requesting resize of a blank image 2021-07-07 19:11:24 +01:00