fix(core): Do not allow arbitrary path traversal in the credential-translation endpoint #5522

Merged

@netroy netroy commented Feb 20, 2023

Also:

  1. Extract translation endpoints out into their own controller
  2. Add Unit tests for the credential-translation endpoint

@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team labels Feb 20, 2023

@krynble krynble left a comment


LGTM

@netroy netroy merged commit f0f8d59 into n8n-io:master Feb 21, 2023
@netroy netroy deleted the fix-credential-translation-path-traversal branch February 21, 2023 10:21
@n8n-assistant n8n-assistant bot added the Upcoming Release Will be part of the upcoming release label Feb 21, 2023
janober pushed a commit that referenced this pull request Feb 21, 2023
janober added a commit that referenced this pull request Feb 21, 2023
* 🚀 Release 0.216.1

* fix(core): Do not allow arbitrary path traversal in the credential-translation endpoint (#5522)

* fix(core): Do not allow arbitrary path traversal in BinaryDataManager (#5523)

* fix(core): User update endpoint should only allow updating email, firstName, and lastName (#5526)

* fix(core): Do not explicitly bypass auth on urls containing `.svg` (#5525)

* 📚 Update CHANGELOG.md

---------

Co-authored-by: janober <janober@users.noreply.github.com>
Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <netroy@users.noreply.github.com>
Co-authored-by: Jan Oberhauser <jan.oberhauser@gmail.com>

janober commented Feb 21, 2023

Got released with n8n@0.216.1

@janober janober removed the Upcoming Release Will be part of the upcoming release label Feb 21, 2023
netroy added a commit to netroy/n8n that referenced this pull request Feb 23, 2023
netroy added a commit that referenced this pull request Feb 23, 2023
Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team skip-e2e