Claper

Mirrors/Claper

Fork 0

mirror of https://github.com/ClaperCo/Claper.git synced 2026-02-24 12:09:59 +01:00

Commit Graph

Author	SHA1	Message	Date
Alexandre Lion	8f46837900	Fix critical security vulnerabilities (#211 ) * Fix critical security vulnerabilities Address 5 critical findings from security audit: - Sanitize custom embed HTML to prevent stored XSS (strip all non-iframe content) - Escape URLs in format_body/1 to prevent reflected XSS via post messages - Add authorization check to form export endpoint (IDOR fix) - Replace String.to_atom/1 on user input with explicit whitelists (8 locations) - Add IP-based rate limiting on authentication endpoints via Hammer * Start rate limiter before endpoint in supervision tree * Update CHANGELOG	2026-02-09 19:18:14 +01:00
Alexandre Lion	5853bc34d8	Add admin panel and user roles (#189 )	2025-11-20 10:44:06 +01:00

Author

SHA1

Message

Date

Alexandre Lion

8f46837900

Fix critical security vulnerabilities (#211 )

* Fix critical security vulnerabilities

Address 5 critical findings from security audit:
- Sanitize custom embed HTML to prevent stored XSS (strip all non-iframe content)
- Escape URLs in format_body/1 to prevent reflected XSS via post messages
- Add authorization check to form export endpoint (IDOR fix)
- Replace String.to_atom/1 on user input with explicit whitelists (8 locations)
- Add IP-based rate limiting on authentication endpoints via Hammer

* Start rate limiter before endpoint in supervision tree

* Update CHANGELOG

2026-02-09 19:18:14 +01:00

Alexandre Lion

5853bc34d8

Add admin panel and user roles (#189 )

2025-11-20 10:44:06 +01:00

2 Commits