coop-cloud/hedgedoc
coop-cloud/hedgedoc
1
1
Fork 3
Code Issues 1 Pull Requests 1 Releases Wiki Activity

security upgrade #17

Merged
fauno merged 6 commits from upgrade into main 2025-04-23 19:46:19 +00:00
Conversation 8 Commits 6 Files Changed 4 +8 -6
fauno commented 2025-04-10 18:31:47 +00:00
Owner
Copy Link

but it comes with a change i was discussing with @3wordchant over matrix. this currently works for our sqlite deploy

but it comes with a change i was discussing with @3wordchant over matrix. this currently works for our sqlite deploy
❤️ 1
fauno added 2 commits 2025-04-10 18:31:47 +00:00 
https://github.com/hedgedoc/hedgedoc/security/advisories/GHSA-3983-rrqh-mvx5
fix: prevent unbound variable error
Some checks failed
continuous-integration/drone/pr Build is failing
Details
d0191f1c49
fauno added 1 commit 2025-04-10 18:42:36 +00:00
fix: provide default values for variables
Some checks failed
continuous-integration/drone/pr Build is failing
Details
29a7d585dc
fauno commented 2025-04-10 19:05:20 +00:00
Author
Owner
Copy Link

ok! got the set -u back by providing default empty values to variables that could be unset

ok! got the `set -u` back by providing default empty values to variables that could be unset
decentral1se reviewed 2025-04-11 19:55:15 +00:00
decentral1se left a comment
Owner
Copy Link

I'm not sure what -z does but isn't CMD_DB_URL always set from the compose.yml and so the check never gets in to re-setting it for the postgres case? I might be missing something here 🤔 Also yes, this PR became more than a "security upgrade" 🙃 Let's update the title for those coming later?

I'm not sure what `-z` does but isn't `CMD_DB_URL` always set from the `compose.yml` and so the check never gets in to re-setting it for the postgres case? I might be missing something here 🤔 Also yes, this PR became more than a "security upgrade" 🙃 Let's update the title for those coming later?
fauno commented 2025-04-11 19:58:08 +00:00
Author
Owner
Copy Link

yeah you're right! -z checks the variable is empty, but since pg doesn't rewrite it to an empty string, the check never passes

yeah you're right! `-z` checks the variable is empty, but since pg doesn't rewrite it to an empty string, the check never passes
🎉 1
fauno added 3 commits 2025-04-11 20:01:48 +00:00
fix: check for password file presence to build db url
Some checks failed
continuous-integration/drone/pr Build is failing
Details
954bfae9ee
fauno commented 2025-04-11 20:02:15 +00:00
Author
Owner
Copy Link

ok now it checks for password file presence

ok now it checks for password file presence
👍 1
fauno force-pushed upgrade from 954bfae9ee to 29968706fc 2025-04-11 20:02:53 +00:00 Compare
decentral1se approved these changes 2025-04-12 11:54:11 +00:00
decentral1se left a comment
Owner
Copy Link

LGTM

LGTM
fauno commented 2025-04-14 13:55:28 +00:00
Author
Owner
Copy Link

@3wordchant would you test it before release?

@3wordchant would you test it before release?
fauno commented 2025-04-23 19:46:08 +00:00
Author
Owner
Copy Link

i tested it myself and works ok! just a note @decentral1se before upgrading abra (i was on 0.10 rc but i'm not sure which one now) i could tell when a new config was being installed, with 0.10 this info isn't shown. let me know if i should open an issue about it.

i tested it myself and works ok! just a note @decentral1se before upgrading abra (i was on 0.10 rc but i'm not sure which one now) i could tell when a new config was being installed, with 0.10 this info isn't shown. let me know if i should open an issue about it.
🎉 1
fauno merged commit 8d23542076 into main 2025-04-23 19:46:19 +00:00
fauno deleted branch upgrade 2025-04-23 19:46:19 +00:00
decentral1se commented 2025-04-24 06:28:40 +00:00
Owner
Copy Link

just a note @decentral1se before upgrading abra (i was on 0.10 rc but i'm not sure which one now) i could tell when a new config was being installed, with 0.10 this info isn't shown. let me know if i should open an issue about it.

@fauno yes, please open an issue: https://git.coopcloud.tech/toolshed/abra/issues/new

This output could come back but it'd be good to understand why and see if others want that also.

> just a note @decentral1se before upgrading abra (i was on 0.10 rc but i'm not sure which one now) i could tell when a new config was being installed, with 0.10 this info isn't shown. let me know if i should open an issue about it. @fauno yes, please open an issue: https://git.coopcloud.tech/toolshed/abra/issues/new This output could come back but it'd be good to understand why and see if others want that also.
Sign in to join this conversation.
Reviewers
No Reviewers
decentral1se
Labels
Clear labels
bug
Something is not working
duplicate
This issue or pull request already exists
enhancement
New feature
help wanted
Need some help
invalid
Something is wrong
question
More information is needed
wontfix
This won't be fixed
No Label
Milestone
No items
No Milestone
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud decentral1se fauno flancian Frando iexos javielico kawaiipunk knoflook lambdabundesverband mac-chaffee marlon mayel mirsal moritz nicksellen notplants p4u1 pau renovate-bot rix sef simon stevensting tobias trav val virtualboys wolcen wykwit xynosis yksflip
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/hedgedoc#17
No description provided.
Delete Branch "upgrade"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?