lengpucheng
8b65fc75c4
fixed #5763, fixed #5760: Add utils.securopen func to fix not syscall.O_NOFOLLOW on Windows (#5764)
2025-04-04 23:24:26 +08:00
chengjingtao
1f40a88b0c
Fix CVE-2021-27116 CVE-2021-27117
...
1. Adding O_NOFOLLOW flag to prevent symlink attacks
These changes help protect against various security issues including:
- Symlink attacks where attackers could trick the application into modifying unintended files
- Privilege escalation through improper file permissions
Signed-off-by: chengjingtao <jtcheng0616@gmail.com>
2025-03-15 21:52:43 +08:00
Ming Deng
f81689dfb1
Release v2.0.5 (#5033)
...
* add: generic cache random time offset expired.
* bugfix: Csrf token should be Secure and httpOnly, but not now
* fix: expose the Offset property to allow external modifications
* improving the concurrency performance of random value calculation
* add WithOffsetFunc to define private RandomExpireCache.offset field
* fix: add seconds definition
* build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.8.0
Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.7.1 to 1.8.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.7.1...v1.8.0)
---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
* fix 4907: force admin service http only
* Feat: add get all tasks function (#4999)
* feat: add get all tasks function
* Refine Comments: admin/profile.go,bean/mock.go,config/global.go... (#5009)
* Refine Comments
* refine comments for cache.go
* refine comments for log.go
* Update orm.go
* refine comments for orm_log.go,types.go
* Update utils.go
* Update doc.go
* refine comments for four files (#5011)
* refine comments for cache.go
* refine comments for log.go
* Update orm.go
* refine comments for orm_log.go,types.go
* Update utils.go
* Update doc.go
* Update db.go
* fix pass []any as any in variadic function by asasalint (#5012)
* fix pass []any as any in variadic function
* add change log
* build(deps): bump go.opentelemetry.io/otel/trace from 1.7.0 to 1.8.0 (#5019)
Bumps [go.opentelemetry.io/otel/trace](https://github.com/open-telemetry/opentelemetry-go) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.7.0...v1.8.0)
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/trace
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* refine comments for package core (#5014)
* Refine Comments
* refine comments for cache.go
* refine comments for log.go
* Update orm.go
* refine comments for orm_log.go,types.go
* Update utils.go
* Update doc.go
* refine comments
* refine comments
* Update db.go
* refine comments for core
* build(deps): bump go.opentelemetry.io/otel/exporters/stdout/stdouttrace (#5018)
Bumps [go.opentelemetry.io/otel/exporters/stdout/stdouttrace](https://github.com/open-telemetry/opentelemetry-go) from 1.7.0 to 1.8.0.
- [Release notes](https://github.com/open-telemetry/opentelemetry-go/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-go/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-telemetry/opentelemetry-go/compare/v1.7.0...v1.8.0)
---
updated-dependencies:
- dependency-name: go.opentelemetry.io/otel/exporters/stdout/stdouttrace
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* fix 5022: Miss assigning ln to graceful Server (#5028)
* prepare for releasing v2.0.5 (#5032)
Co-authored-by: auual <ding@ibyte.me>
Co-authored-by: Leon Ding <deen.job@qq.com>
Co-authored-by: dada0z <zhang.guangda@qq.com>
Co-authored-by: kevinzeng <kevinzeng@zego.im>
Co-authored-by: Kevin Tsang <39397413+ktalg@users.noreply.github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: 日暮颂歌1991 <448081525@qq.com>
Co-authored-by: Regan Yue <1131625869@qq.com>
Co-authored-by: alingse <alingse@foxmail.com>
2022-07-30 16:11:51 +08:00
loyalsoldier
41790b80ac
Fix lint and format code in core dir
2021-06-06 21:00:27 +08:00
shubhendra
644291c028
Replace time.Now().Sub with time.Since
2021-02-25 15:58:45 +05:30
Ming Deng
7bc6010604
rename to v2
2020-12-14 11:12:00 +08:00
Ming Deng
a70f7fc920
using new organization
2020-12-13 23:09:19 +08:00
Ming Deng
198b9cce5f
rename keyword 'governor' to 'admin'
2020-12-13 19:11:07 +08:00