BlackDex 
							
						 
					 
					
						
						
							
						
						ebf40099f2 
					 
					
						
						
							
							Updated authenticator TOTP  
						
						... 
						
						
						
						- Added security check for previouse used codes
- Allow TOTP codes with 1 step back and forward when there is a time
drift. This means in total 3 codes could be valid. But only newer codes
then the previouse used codes are excepted after that. 
						
						
							
						
					 
					
						2019-10-10 17:32:20 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						0586c00285 
					 
					
						
						
							
							Merge pull request  #653  from stevesbrain/master  
						
						... 
						
						
						
						Simple grammar update 
						
						
							
						
					 
					
						2019-10-10 01:06:51 +02:00 
						 
				 
			
				
					
						
							
							
								Steve Divskinsy 
							
						 
					 
					
						
						
							
						
						bb9ddd5680 
					 
					
						
						
							
							Merge pull request  #1  from stevesbrain/stevesbrain-patch-1  
						
						... 
						
						
						
						Very simple grammar updates 
						
						
							
						
					 
					
						2019-10-09 22:23:20 +10:30 
						 
				 
			
				
					
						
							
							
								Steve Divskinsy 
							
						 
					 
					
						
						
							
						
						cb1663fc12 
					 
					
						
						
							
							Very simple grammar updates  
						
						... 
						
						
						
						Just some basic grammar updates in the "get in touch" section. 
						
						
							
						
					 
					
						2019-10-09 22:22:52 +10:30 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						45d9d8db94 
					 
					
						
						
							
							Merge pull request  #652  from BlackDex/hibp-changes  
						
						... 
						
						
						
						Some modification when no HIBP API Key is set 
						
						
							
						
					 
					
						2019-10-09 00:44:00 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						edc482c8ea 
					 
					
						
						
							
							Changed HIBP Error message.  
						
						... 
						
						
						
						- Moved the manual link to the check to the top.
- Clearified that hibp is a payed service.
- Changed error logo to hibp logo. 
						
						
							
						
					 
					
						2019-10-08 22:29:12 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						6e5c03cc78 
					 
					
						
						
							
							Some modification when no HIBP API Key is set  
						
						... 
						
						
						
						- Added an URL with the useraccount for manual check.
- Added support for HTTP(S)_PROXY for hibp. 
						
						
							
						
					 
					
						2019-10-08 21:39:11 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						881c1978eb 
					 
					
						
						
							
							Error when the URL scheme doesn't match the database type  
						
						
						
						
							
						
					 
					
						2019-10-08 19:34:47 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						662bc27523 
					 
					
						
						
							
							Updated dependencies and fixed disable_admin_token description  
						
						
						
						
							
						
					 
					
						2019-10-08 19:33:27 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						b4b62c22a4 
					 
					
						
						
							
							Merge pull request  #648  from BlackDex/icon-security  
						
						... 
						
						
						
						Added missing .env configuration option. 
						
						
							
 
						
					 
					
						2019-10-08 18:08:32 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						05569147af 
					 
					
						
						
							
							Added missing .env configuration option.  
						
						
						
						
							
						
					 
					
						2019-10-08 13:30:17 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						99a635d327 
					 
					
						
						
							
							Merge pull request  #643  from BlackDex/icon-security  
						
						... 
						
						
						
						Updated icon blacklisting. 
						
						
							
						
					 
					
						2019-10-05 17:06:14 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						e6b763026e 
					 
					
						
						
							
							Merge branch 'master' into icon-security  
						
						
						
						
							
						
					 
					
						2019-10-05 16:45:36 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						c182583e09 
					 
					
						
						
							
							Merge pull request  #644  from BlackDex/issue-565  
						
						... 
						
						
						
						Fixed issue #565  
						
						
							
						
					 
					
						2019-10-05 16:17:43 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						d821389c2e 
					 
					
						
						
							
							Merge pull request  #639  from vverst/cors-update  
						
						... 
						
						
						
						Change CORS headers 
						
						
							
						
					 
					
						2019-10-05 16:09:33 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						be2916333b 
					 
					
						
						
							
							Fixed issue  #565  
						
						... 
						
						
						
						Issue fixed by omitting the cookie header when cookie_str is empty 
						
						
							
						
					 
					
						2019-10-05 15:45:09 +02:00 
						 
				 
			
				
					
						
							
							
								BlackDex 
							
						 
					 
					
						
						
							
						
						9124d8a3fb 
					 
					
						
						
							
							Updated icon blacklisting.  
						
						... 
						
						
						
						- Blacklisting was not effective for redirects and rel href
- Able to blacklist non global IP's like RFC1918, multicast etc... 
						
						
							
						
					 
					
						2019-10-05 14:48:15 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						7b1da527a6 
					 
					
						
						
							
							Change CORS headers  
						
						... 
						
						
						
						Only add Allow-Origin to all requests and move the others to preflight OPTIONS request.
If Origin is `file://` change it to the wildcard. 
						
						
							
						
					 
					
						2019-10-01 20:12:33 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						e7b8602e1f 
					 
					
						
						
							
							Merge pull request  #638  from mprasil/add_sqlite_binary  
						
						... 
						
						
						
						Add sqlite binary into the docker images 
						
						
							
						
					 
					
						2019-10-01 19:50:41 +02:00 
						 
				 
			
				
					
						
							
							
								Miro Prasil 
							
						 
					 
					
						
						
							
						
						d6e9af909b 
					 
					
						
						
							
							Remove the unnecessary check for sqlite  
						
						... 
						
						
						
						The binary we use is called `sqlite3` so no need to check for other
name variants as we won't use those anyways. 
						
						
							
						
					 
					
						2019-10-01 10:40:22 +01:00 
						 
				 
			
				
					
						
							
							
								Miro Prasil 
							
						 
					 
					
						
						
							
						
						acdd42935b 
					 
					
						
						
							
							Add sqlite binary into the docker images  
						
						... 
						
						
						
						This is done to enable backup functionality in the admin interface while
we're waiting for the libsqlite-sys 0.17 to bubble up in the upstream
dependencies. Then we can start using `VACUUM INTO`
This also extends the check for the sqlite binary to also try `sqlite3`
as this is the name of the binary in baseimage distributions we use. 
						
						
							
						
					 
					
						2019-09-30 13:54:06 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						8367d1d715 
					 
					
						
						
							
							Merge pull request  #631  from vverst/cors-put  
						
						... 
						
						
						
						Use Access-Control-Allow-Method 
						
						
							
						
					 
					
						2019-09-23 20:03:51 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						56f12dc982 
					 
					
						
						
							
							Use Access-Control-Allow-Method  
						
						
						
						
							
						
					 
					
						2019-09-23 07:44:44 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						4c07f05b3a 
					 
					
						
						
							
							Remove Result<T, E: Debug> in preparation of deprecation as Rocket responder.  
						
						... 
						
						
						
						Removed unnecessary returns 
						
						
							
						
					 
					
						2019-09-17 21:05:56 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						b73ff886c3 
					 
					
						
						
							
							Use upstream rmp  
						
						
						
						
							
						
					 
					
						2019-09-17 19:47:51 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						2e7bd62353 
					 
					
						
						
							
							Merge pull request  #624  from swedishborgie/postgresql  
						
						... 
						
						
						
						Fix issue with downloading attachments and PostgreSQL backend. 
						
						
							
						
					 
					
						2019-09-17 18:50:40 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Powers 
							
						 
					 
					
						
						
							
						
						1264eb640a 
					 
					
						
						
							
							Added a migration that  fixes   #1  which caused attachments to be broken  
						
						... 
						
						
						
						for the PostgreSQL backend. Also converts any CHAR types to VARCHAR to prevent the same issue from causing problems down the line. 
						
						
							
						
					 
					
						2019-09-16 19:52:00 -04:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						3a90364b32 
					 
					
						
						
							
							Merge pull request  #621  from swedishborgie/postgresql  
						
						... 
						
						
						
						Adds support for PostgreSQL which adds #87  and is mentioned in #246 . 
						
						
							
						
					 
					
						2019-09-16 20:05:05 +02:00 
						 
				 
			
				
					
						
							
							
								Michael Powers 
							
						 
					 
					
						
						
							
						
						f5f9861a78 
					 
					
						
						
							
							Adds support for PostgreSQL which  resolves   #87  and is mentioned in  #246 .  
						
						... 
						
						
						
						This includes migrations as well as Dockerfile's for amd64.
The biggest change is that replace_into isn't supported by Diesel for the
PostgreSQL backend, instead requiring the use of on_conflict. This
unfortunately requires a branch for save() on all of the models currently
using replace_into. 
						
						
							
						
					 
					
						2019-09-12 16:12:22 -04:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						f9408a00c6 
					 
					
						
						
							
							Allow self signed certs and increase a bit the timings  
						
						
						
						
							
						
					 
					
						2019-09-11 22:01:42 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						ae8bf954c1 
					 
					
						
						
							
							Updated web vault to 2.12  
						
						
						
						
							
						
					 
					
						2019-09-07 22:13:56 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						c656f2f694 
					 
					
						
						
							
							Merge pull request  #604  from mprasil/fix-healthcheck  
						
						... 
						
						
						
						Fix  #603  and  remove mysql from sqlite image 
					
						2019-09-06 10:47:10 +02:00 
						 
				 
			
				
					
						
							
							
								Miro Prasil 
							
						 
					 
					
						
						
							
						
						eea3f13bb3 
					 
					
						
						
							
							Fix   #603  and  remove mysql from sqlite image  
						
						... 
						
						
						
						This changes the healthcheck to use `sh` instead of bash, that is absent
from some image versions. (like alpine)
It also removes `*mariadb*` packages from runtime image of sqlite images
as these shouldn't be required. 
						
						
							
						
					 
					
						2019-09-06 09:34:21 +01:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						df8114f8be 
					 
					
						
						
							
							Updated client kdf iterations to 100000 and fixed some lints  
						
						
						
						
							
						
					 
					
						2019-09-05 21:56:12 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						dda244edd8 
					 
					
						
						
							
							Merge pull request  #589  from H3npi/H3npi-patch-1  
						
						... 
						
						
						
						Adds Healthcheck for default docker container 
						
						
							
						
					 
					
						2019-09-05 19:47:10 +02:00 
						 
				 
			
				
					
						
							
							
								H3npi 
							
						 
					 
					
						
						
							
						
						cce3ce816c 
					 
					
						
						
							
							Adds environment port to curl healthcheck  
						
						
						
						
							
						
					 
					
						2019-09-04 09:12:53 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						65c0d1064b 
					 
					
						
						
							
							Merge pull request  #599  from vverst/cors  
						
						... 
						
						
						
						Add Cors headers 
						
						
							
						
					 
					
						2019-09-03 20:22:54 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						5a2f968d7a 
					 
					
						
						
							
							Set correct response headers, status code  
						
						
						
						
							
						
					 
					
						2019-09-02 21:13:12 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						16d88402cb 
					 
					
						
						
							
							Initial version of CORS support  
						
						
						
						
							
						
					 
					
						2019-09-01 13:00:12 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						7dcf18151d 
					 
					
						
						
							
							Fix onsubmit  
						
						
						
						
							
						
					 
					
						2019-08-31 17:57:47 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						e3404dd322 
					 
					
						
						
							
							Use the local scripts instead of cloudflare, remove jquery and update config so disabling a master toggle doesn't remove the values  
						
						
						
						
							
						
					 
					
						2019-08-31 17:47:52 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						bfc517ee80 
					 
					
						
						
							
							Remove unused warning  
						
						
						
						
							
						
					 
					
						2019-08-31 17:26:16 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						4a7d2a1e28 
					 
					
						
						
							
							Rename static files endpoint  
						
						
						
						
							
						
					 
					
						2019-08-31 17:25:31 +02:00 
						 
				 
			
				
					
						
							
							
								H3npi 
							
						 
					 
					
						
						
							
						
						66a68f6d22 
					 
					
						
						
							
							Adds Healthcheck for all docker container  
						
						
						
						
							
						
					 
					
						2019-08-29 09:02:02 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						469318bcbd 
					 
					
						
						
							
							Updated dependencies and web vault version  
						
						
						
						
							
						
					 
					
						2019-08-27 21:14:15 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						c07c9995ea 
					 
					
						
						
							
							Merge pull request  #555  from vverst/email-codes  
						
						... 
						
						
						
						Add Email 2FA login 
						
						
							
						
					 
					
						2019-08-27 21:07:41 +02:00 
						 
				 
			
				
					
						
							
							
								Daniel García 
							
						 
					 
					
						
						
							
						
						2c2276c5bb 
					 
					
						
						
							
							Merge pull request  #585  from ViViDboarder/mail-auth-over-insecure  
						
						... 
						
						
						
						Allow explicitly defined smtp auth mechansim 
						
						
							
 
						
					 
					
						2019-08-27 20:21:23 +02:00 
						 
				 
			
				
					
						
							
							
								ViViDboarder 
							
						 
					 
					
						
						
							
						
						672a245548 
					 
					
						
						
							
							Remove unecessary clone  
						
						
						
						
							
						
					 
					
						2019-08-27 10:40:38 -07:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						5d50b1ee3c 
					 
					
						
						
							
							Merge remote-tracking branch 'upstream/master' into email-codes  
						
						
						
						
							
						
					 
					
						2019-08-26 21:38:45 +02:00 
						 
				 
			
				
					
						
							
							
								vpl 
							
						 
					 
					
						
						
							
						
						c99df1c310 
					 
					
						
						
							
							Compare token using crypto::ct_eq  
						
						
						
						
							
						
					 
					
						2019-08-26 20:26:59 +02:00