Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository:ShawnCosby/BlogEngine.NET
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base:master
Choose a base ref
...
head repository:BlogEngine/BlogEngine.NET
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare:master
Choose a head ref
Checking mergeability… Don’t worry, you can still create the pull request.
  • 12 commits
  • 7 files changed
  • 5 contributors

Commits on May 5, 2022

  1. Added 'SameSite=Strict' cookie attribute, reducing overall CSRF attac…

    …k surface
    0xLanks authored and 0xLanks committed May 5, 2022
    Configuration menu
    Copy the full SHA
    4033c72View commit details
    Browse the repository at this point in the history

  2. Fixed XXE vulnerability when importing a new blog

    0xLanks authored and 0xLanks committed May 5, 2022
    Configuration menu
    Copy the full SHA
    16343deView commit details
    Browse the repository at this point in the history

  3. Fixed authorization controls on controller actions and added path san…

    …itization preventing path traversal
    0xLanks authored and 0xLanks committed May 5, 2022
    Configuration menu
    Copy the full SHA
    035bc37View commit details
    Browse the repository at this point in the history

Commits on May 6, 2022

  1. Merge pull requestBlogEngine#247from 0xLanks/fix-security-issues

    Fixed security issues
    @rxtur
    rxtur authored May 6, 2022
    Configuration menu
    Copy the full SHA
    7f92756View commit details
    Browse the repository at this point in the history

Commits on Oct 24, 2022

  1. fixCVE-2022-41418

    @tree-chtsec
    tree-chtsec committed Oct 24, 2022
    Configuration menu
    Copy the full SHA
    61daddfView commit details
    Browse the repository at this point in the history

  2. fixCVE-2022-41417.

    But GetDirectory() will create folder if not exists by design. The problem exists in ~/App_Data/Files/<here> despite this fix.
    @tree-chtsec
    tree-chtsec committed Oct 24, 2022
    Configuration menu
    Copy the full SHA
    9a8a7e3View commit details
    Browse the repository at this point in the history

Commits on Jan 12, 2023

  1. fix

    @farzindev
    farzindev committed Jan 12, 2023
    Configuration menu
    Copy the full SHA
    43d25d8View commit details
    Browse the repository at this point in the history

  2. Merge pull requestBlogEngine#260from tree-chtsec/master

    Fixed security issues
    @farzindev
    farzindev authored Jan 12, 2023
    Configuration menu
    Copy the full SHA
    9a37bd1View commit details
    Browse the repository at this point in the history

  3. fix

    @farzindev
    farzindev committed Jan 12, 2023
    Configuration menu
    Copy the full SHA
    9742bb7View commit details
    Browse the repository at this point in the history

  4. Merge branch 'master' of github.com:BlogEngine/BlogEngine.NET

    @farzindev
    farzindev committed Jan 12, 2023
    Configuration menu
    Copy the full SHA
    15164eaView commit details
    Browse the repository at this point in the history

  5. fix url

    @farzindev
    farzindev committed Jan 12, 2023
    Configuration menu
    Copy the full SHA
    d0460d1View commit details
    Browse the repository at this point in the history

  6. fix url

    @farzindev
    farzindev committed Jan 12, 2023
    Configuration menu
    Copy the full SHA
    95c8426View commit details
    Browse the repository at this point in the history
Loading