[FIX] Disabling Json Web Tokens protection to file uploads disables the File Upload protection entirely #16262

Merged
merged 2 commits into from
May 30, 2020

Conversation

antkaz
Contributor

@antkaz antkaz commented Jan 16, 2020

Closes #16261

@antkaz antkaz changed the title [fix] protected file without JWT [FIX] Protected file without JWT Jan 16, 2020
@antkaz antkaz requested a review from ggazzo January 16, 2020 19:13
@CLAassistant
CLA assistant check
All committers have signed the CLA.

@rodrigok rodrigok changed the title [FIX] Protected file without JWT [FIX] Disabling Json Web Tokens protection to file uploads disables the File Upload protection entirely May 30, 2020
@rodrigok rodrigok added this to the 3.4.0 milestone May 30, 2020
@rodrigok rodrigok merged commit 6737956 into RocketChat:develop May 30, 2020
gabriellsh added a commit that referenced this pull request Jun 1, 2020
…rewrite_admin_sidebar

* 'develop' of github.com:RocketChat/Rocket.Chat: (30 commits)
  Readme: Update Raspberry Pi 2 to Pi 4 (#17031)
  [NEW] Accept variable `#{userdn}` on LDAP group filter (#16273)
  [FIX] Spotify embed link opens in same tab (#13637)
  [FIX] Markdown links not accepting URLs with parentheses (#13605)
  [NEW][API] Endpoint `settings.addCustomOAuth` to create Custom OAuth services (#14912)
  [IMPROVE] Make the implementation of custom code easier by having placeholders for a custom folder (#15106)
  [NEW] Skip Export Operations that haven't been updated in over a day (#16135)
  [NEW] Highlight matching words in message search results (#16166)
  [FIX] Set `x-content-type-options: nosniff` header (#16232)
  [FIX] Disabling `Json Web Tokens protection to file uploads` disables the File Upload protection entirely (#16262)
  Fixes some italian word (#14008)
  Bump version to 3.4.0-develop
  Bump version to 3.3.0
  Bump version to 3.3.0-rc.4
  Bump version to 3.3.0-rc.3
  Bump version to 3.3.0-rc.2
  Bump version to 3.3.0-rc.1
  Bump version to 3.3.0-rc.0
  [FIX] Slack importer Link handling (#17595)
  Bump version to 3.2.2
  ...
gabriellsh added a commit that referenced this pull request Jun 1, 2020
…into new/apps_rewrite

* 'new/apps_rewrite' of github.com:RocketChat/Rocket.Chat: (31 commits)
  Readme: Update Raspberry Pi 2 to Pi 4 (#17031)
  [NEW] Accept variable `#{userdn}` on LDAP group filter (#16273)
  [FIX] Spotify embed link opens in same tab (#13637)
  [FIX] Markdown links not accepting URLs with parentheses (#13605)
  [NEW][API] Endpoint `settings.addCustomOAuth` to create Custom OAuth services (#14912)
  [IMPROVE] Make the implementation of custom code easier by having placeholders for a custom folder (#15106)
  [NEW] Skip Export Operations that haven't been updated in over a day (#16135)
  [NEW] Highlight matching words in message search results (#16166)
  [FIX] Set `x-content-type-options: nosniff` header (#16232)
  [FIX] Disabling `Json Web Tokens protection to file uploads` disables the File Upload protection entirely (#16262)
  Fixes some italian word (#14008)
  Submit a payload to the release service when a release happens (#17775)
  Bump version to 3.4.0-develop
  Bump version to 3.3.0
  Bump version to 3.3.0-rc.4
  Bump version to 3.3.0-rc.3
  Bump version to 3.3.0-rc.2
  Bump version to 3.3.0-rc.1
  Bump version to 3.3.0-rc.0
  [FIX] Slack importer Link handling (#17595)
  ...
shedoev added a commit to sibdigital/rgrt that referenced this pull request Jun 2, 2020
…nto develop

* 'develop' of https://github.com/RocketChat/Rocket.Chat: (83 commits)
  Fix invalid develop payload to release service (RocketChat#17799)
  Readme: Update Raspberry Pi 2 to Pi 4 (RocketChat#17031)
  [NEW] Accept variable `#{userdn}` on LDAP group filter (RocketChat#16273)
  [FIX] Spotify embed link opens in same tab (RocketChat#13637)
  [FIX] Markdown links not accepting URLs with parentheses (RocketChat#13605)
  [NEW][API] Endpoint `settings.addCustomOAuth` to create Custom OAuth services (RocketChat#14912)
  [IMPROVE] Make the implementation of custom code easier by having placeholders for a custom folder (RocketChat#15106)
  [NEW] Skip Export Operations that haven't been updated in over a day (RocketChat#16135)
  [NEW] Highlight matching words in message search results (RocketChat#16166)
  [FIX] Set `x-content-type-options: nosniff` header (RocketChat#16232)
  [FIX] Disabling `Json Web Tokens protection to file uploads` disables the File Upload protection entirely (RocketChat#16262)
  Fixes some italian word (RocketChat#14008)
  Submit a payload to the release service when a release happens (RocketChat#17775)
  Bump version to 3.4.0-develop
  Bump version to 3.3.0
  Bump version to 3.3.0-rc.4
  Regression: Fix Unread bar design (RocketChat#17750)
  Regression: Adjusting spaces between OAuth login buttons (RocketChat#17745)
  Improved thread margins for clarity
  Bump version to 3.3.0-rc.3
  ...

Conflicts:
  app/theme/client/imports/general/variables.css
  app/ui-sidenav/client/sideNav.html
ggazzo added a commit that referenced this pull request Jun 3, 2020
…/new-threads

* 'develop' of github.com:RocketChat/Rocket.Chat: (38 commits)
  [IMPROVE][Federation] Add support for _tcp and protocol DNS entries (#17818)
  Fix the update check not working (#17809)
  Add Apps-Engine to Engine Versions on History (#17810)
  [FIX] Link preview containing HTML encoded chars (#16512)
  [FIX] Email link "go to message" being incorrectly escaped (#17803)
  [FIX] Error when re-installing an App (#17789)
  Update Apps-Engine version (#17804)
  Fix invalid develop payload to release service (#17799)
  Readme: Update Raspberry Pi 2 to Pi 4 (#17031)
  [NEW] Accept variable `#{userdn}` on LDAP group filter (#16273)
  [FIX] Spotify embed link opens in same tab (#13637)
  [FIX] Markdown links not accepting URLs with parentheses (#13605)
  [NEW][API] Endpoint `settings.addCustomOAuth` to create Custom OAuth services (#14912)
  [IMPROVE] Make the implementation of custom code easier by having placeholders for a custom folder (#15106)
  [NEW] Skip Export Operations that haven't been updated in over a day (#16135)
  [NEW] Highlight matching words in message search results (#16166)
  [FIX] Set `x-content-type-options: nosniff` header (#16232)
  [FIX] Disabling `Json Web Tokens protection to file uploads` disables the File Upload protection entirely (#16262)
  Fixes some italian word (#14008)
  Bump version to 3.4.0-develop
  ...
@sampaiodiego sampaiodiego mentioned this pull request Jun 30, 2020
Successfully merging this pull request may close these issues.

uploaded files are not protected
3 participants