Commit Graph

124 Commits

Author SHA1 Message Date
Jeffrey Chen
6ee1b8d989 Improve export file (#17647)
* 🎨 Improve export file

* 🎨 Improve export file
2026-05-11 12:57:52 +08:00
Qiaochu Hu
890d2c5a67 🔒 Fix path traversal vulnerability in /repo/diff/ endpoint (#17657)
The /repo/diff/ endpoint used the URL path parameter directly in
filepath.Join without validation, allowing an authenticated admin
user to read arbitrary files via path traversal sequences.

This fix:
- Cleans the path with filepath.Clean
- Rejects paths containing ".."
- Validates the final path with IsSubPath to ensure it stays within
  {TempDir}/repo/diff/

Co-authored-by: Test User <test@example.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-10 19:20:31 +08:00
Qiaochu Hu
b763d787d1 🔒 Fix path traversal vulnerability in /export/temp/ endpoint (#17656)
The /export/temp/ endpoint used c.Request.URL.Path directly in
filepath.Join without any validation, allowing path traversal via
sequences like /export/temp/../../ to access files outside the
intended temp directory.

This fix:
- Constrains file access to {TempDir}/export/temp/ base directory
- Cleans the relative path with filepath.Clean
- Rejects paths containing ".."
- Validates the final path with IsSubPath check

Co-authored-by: Test User <test@example.com>
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-10 19:01:32 +08:00
Daniel
ff5db3b09e 🎨 Supports switching between phone and desktop interfaces on mobile https://github.com/siyuan-note/siyuan/issues/13952
Signed-off-by: Daniel <845765@qq.com>
2026-05-07 00:09:40 +08:00
Daniel
972b7088d9 🎨 Improve language conf files parsing
Signed-off-by: Daniel <845765@qq.com>
2026-04-30 00:11:21 +08:00
Daniel
bb481e1290 🔒 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hjh7-r5w8-5872
Signed-off-by: Daniel <845765@qq.com>
2026-04-19 17:59:07 +08:00
Jeffrey Chen
0456ea154e 🎨 Support HTTP/2 over HTTPS (#17500) 2026-04-16 08:23:58 +08:00
Daniel
c1539878c8 ♻️ Move IsSubPath to gulu
Signed-off-by: Daniel <845765@qq.com>
2026-04-10 00:38:50 +08:00
Jeffrey Chen
5c674d7249 ♻️ Replace interface{} with any (#17415) 2026-04-05 16:48:32 +08:00
Daniel
ebb7dd8511 🔒 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-68p4-j234-43mv
Signed-off-by: Daniel <845765@qq.com>
2026-03-28 19:37:37 +08:00
Jeffrey Chen
fdb1e4ac00 ♻️ Code style: Comparing with the equality operator fails on wrapped errors (#17303) 2026-03-22 11:11:25 +08:00
iliya
d3c78f75e7 ♻️ kernel/server/serve: remove redundant returns (#17275) 2026-03-21 11:23:40 +08:00
Daniel
009bb598b3 🔒 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-hhgj-gg9h-rjp7
Signed-off-by: Daniel <845765@qq.com>
2026-03-20 21:54:42 +08:00
Daniel
1048a2bc38 🔒 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-3g9h-9hp4-654v
Signed-off-by: Daniel <845765@qq.com>
2026-03-18 09:37:19 +08:00
Yuxin Zhao
7781e6d97b 🔒 Fix https://github.com/siyuan-note/siyuan/issues/17236 (#17242) 2026-03-18 09:14:19 +08:00
Daniel
6feb2bc8ec 🔒 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-2h2p-mvfx-868w
Signed-off-by: Daniel <845765@qq.com>
2026-03-06 16:41:03 +08:00
Daniel
d68bd5a793 🔒 https://github.com/siyuan-note/siyuan/security/advisories/GHSA-6865-qjcf-286f
Signed-off-by: Daniel <845765@qq.com>
2026-03-04 11:48:09 +08:00
Daniel
498441c4c9 🎨 Improve lock screen interaction https://github.com/siyuan-note/siyuan/issues/17065
Signed-off-by: Daniel <845765@qq.com>
2026-03-02 23:56:37 +08:00
Daniel
d1170e7b71 🔒 Perform authentication on paths such as widgets, plugins, and templates https://github.com/siyuan-note/siyuan/issues/17118#issuecomment-3984053596
Signed-off-by: Daniel <845765@qq.com>
2026-03-02 21:35:26 +08:00
Daniel
961d081610 🎨 Improve lock screen interaction https://github.com/siyuan-note/siyuan/issues/17065
Signed-off-by: Daniel <845765@qq.com>
2026-03-02 19:53:48 +08:00
Daniel
383519027c 🔒 Authentication is performed on paths such as widgets, plugins, and templates https://github.com/siyuan-note/siyuan/issues/17118
Signed-off-by: Daniel <845765@qq.com>
2026-03-02 18:19:22 +08:00
Davide Garberi
0cc061dec8 🎨 Fix network serving TLS on mobile devices (#17119)
* Until now, the TLS would only work via the fixed port proxy, which
  isn't used on mobile devices.
* Move the logic for the multiplexer out of the fixed port logic
* Use the newly moved multiplexer logic for the regular server as well,
  whenever the fixed port and the server port match.
2026-03-02 16:43:27 +08:00
Davide Garberi
cff12611c0 🎨 Support HTTPS network serving (#16930)
* Add use TLS for network serving configuration option

* kernel: Implement TLS certificate generation

* kernel: server: Use https for fixed port proxy when needed

* Allow exporting the CA Certificate file

* Implement import and export of CA Certs

* kernel: fixedport: Use the same port for HTTP and HTTPS
2026-01-29 09:41:39 +08:00
Daniel
d36e9d7766 Revert "🎨 Implement HTTPS network serving (#16912)"
This reverts commit 43ea6757d5.
2026-01-27 14:16:16 +08:00
Davide Garberi
43ea6757d5 🎨 Implement HTTPS network serving (#16912)
* Add use TLS for network serving configuration option

* kernel: Implement TLS certificate generation

* kernel: server: Use https for fixed port proxy when needed

* Allow exporting the CA Certificate file

* Implement import and export of CA Certs
2026-01-27 12:59:11 +08:00
Daniel
db4b91b757 🎨 Improve the network serve address list https://github.com/siyuan-note/siyuan/issues/14943
Signed-off-by: Daniel <845765@qq.com>
2026-01-17 11:41:14 +08:00
Daniel
11115da3d0 🔒 Do not execute scripts in assets SVG by default to prevent XSS https://github.com/siyuan-note/siyuan/issues/16844
Signed-off-by: Daniel <845765@qq.com>
2026-01-16 18:11:55 +08:00
Jeffrey Chen
840fd99bbb 🎨 Auto-close browser page when publish service is closed https://github.com/siyuan-note/siyuan/issues/16587#issuecomment-3698421929 (#16804) 2026-01-10 19:47:30 +08:00
Daniel
ff72ff1f27 🎨 Force download exported files https://github.com/siyuan-note/siyuan/pull/16796
Signed-off-by: Daniel <845765@qq.com>
2026-01-09 18:01:25 +08:00
Jeffrey Chen
6192e87058 🎨 Force download exported files https://github.com/siyuan-note/siyuan/pull/16774 (#16796) 2026-01-09 11:27:58 +08:00
Daniel
a65dcd220f 🔒 Randomly generate the cookie key https://github.com/siyuan-note/siyuan/issues/16690
Signed-off-by: Daniel <845765@qq.com>
2025-12-26 11:21:47 +08:00
Daniel
ddae80a5f4 🎨 Improve exit
Signed-off-by: Daniel <845765@qq.com>
2025-12-09 12:20:57 +08:00
Daniel
00d00b54ef 🐛 Can't switch workspaces on mobile https://github.com/siyuan-note/siyuan/issues/16544
Signed-off-by: Daniel <845765@qq.com>
2025-12-09 12:09:23 +08:00
Daniel
106a679dba 🎨 Improve http server
Signed-off-by: Daniel <845765@qq.com>
2025-12-09 11:02:25 +08:00
Daniel
5fb1fcc5ec ⬆️ Upgrade kernel deps
Signed-off-by: Daniel <845765@qq.com>
2025-10-18 20:54:32 +08:00
Daniel
31f5797176 🔒 Disable HTTP access to the /assets/ path https://github.com/siyuan-note/siyuan/issues/15257 2025-07-09 20:12:54 +08:00
Daniel
c852f6f51a Improve the image loading performance in the database https://github.com/siyuan-note/siyuan/issues/15245 2025-07-09 16:19:19 +08:00
Daniel
46d6fbf033 🎨 Add a 'Remember me' checkbox when logging in to save a session https://github.com/siyuan-note/siyuan/pull/14964 https://github.com/siyuan-note/siyuan/issues/13147 2025-06-05 17:12:33 +08:00
Tomer Shvueli
aa35dd827b 🎨 Add a 'remember me' checkbox when logging in to save a session for 30 days (#14964) 2025-06-04 15:35:31 +08:00
Daniel
879f50d0d5 🎨 Improve login auth https://github.com/siyuan-note/siyuan/issues/13757 2025-01-09 11:46:23 +08:00
Daniel
e4933d0841 🎨 Support flac audio asset playback https://github.com/siyuan-note/siyuan/issues/13386 2024-12-07 11:13:25 +08:00
Yingyi / 颖逸
62d6c13317 🧑‍💻 Kernel serve CalDAV service on path /caldav/ (#13321)
* 🎨 define the interface of CalDAV

* 🎨 Adjust iCalendar files directory structure

* 🎨 Implement CalDAV Calendar manage functions

* 🎨 Implement CalDAV calendar object manage functions

* 🎨 improve ETag scheme
2024-12-01 23:20:47 +08:00
Daniel
f34dd62cef 🎨 Access authorization code captcha vulnerability https://github.com/siyuan-note/siyuan/issues/13147 2024-11-15 20:32:54 +08:00
Yingyi / 颖逸
c110b9ff13 🧑‍💻 Kernel serve CardDAV service on path /carddav/ (#12895)
* 🎨 add CardDAV server

* 🎨 change CardDAV principals path

* 🎨 implement load contacts feature

* 🎨 implement save contacts feature

* 🎨 implement address books CRUD

* 🐛 fix CardDAV method `OPTIONS`

* 🎨 implement addresses CRUD

* 🎨 implement CardDAV `REPORT` method

* 🎨 parse *.vcf file with multiple vCard
2024-11-15 11:19:52 +08:00
Yingyi / 颖逸
9cff5cc235 🧑‍💻 Kernel serve WebDAV service on path /webdav/ (#12412)
* 🎨 Add a WebDAV service to the kernel

* 🎨 Add more writable WebDAV methods
2024-09-08 10:00:09 +08:00
Oleksandr Redko
b100721fee ♻️ Refactor Go to err != nil, err == nil (#12385) 2024-09-04 09:40:50 +08:00
Daniel
f9127e8e0f 🔒 Potential data export disclosure security vulnerability https://github.com/siyuan-note/siyuan/issues/12213 2024-08-08 10:58:43 +08:00
Daniel
f8374201de 🔒 Potential data export disclosure security vulnerability 2024-08-08 10:56:31 +08:00
Daniel
51bd794f43 🎨 Improve assets serving https://github.com/siyuan-note/siyuan/issues/11823 2024-07-01 22:08:30 +08:00
Yingyi / 颖逸
ba2193403d Support read-only publish service
* 🎨 kernel supports read-only publishing services

* 🐛 Fix authentication vulnerabilities

* 🎨 Protect secret information

* 🎨 Adjust the permission control

* 🎨 Adjust the permission control

* 🎨 Fixed the vulnerability that `getFile` gets file `conf.json`

* 🎨 Add API `/api/setting/setPublish`

* 🎨 Add API `/api/setting/getPublish`

* 🐛 Fixed the issue that PWA-related files could not pass BasicAuth

* 🎨 Add a settings panel for publishing features

* 📝 Add guide for `Publish Service`

* 📝 Update Japanese user guide

* 🎨 Merge fixed static file services
2024-06-12 21:03:51 +08:00