Crypt-Server icon indicating copy to clipboard operation
Crypt-Server copied to clipboard

verified publisher icon grahamgilbert

Metadata

A Django webapp to escrow filevault keys sent by the Crypt client app.

Results 10 Crypt-Server issues
Sort by recently updated
recently updated
newest added

Bump django from 2.2.27 to 2.2.28 in /setup

Bumps [django](https://github.com/django/django) from 2.2.27 to 2.2.28. Commits 5c33000 [2.2.x] Bumped version for 2.2.28 release. 29a6c98 [2.2.x] Fixed CVE-2022-28347 -- Protected QuerySet.explain(**options) against... 2c09e68 [2.2.x] Fixed CVE-2022-28346 -- Protected QuerySet.annotate(), aggregate(),...

dependabot[bot] avatar dependabot[bot]

dependencies

'Manage'/approve requests doesn't denote secret type

When clicking 'approve requests' from toolbar, type of secret isn't in table view, also noticing type/reason for request isn't populated on admin approval view.

arubdesu avatar arubdesu

Bump cryptography from 41.0.2 to 41.0.4 in /setup

Bumps [cryptography](https://github.com/pyca/cryptography) from 41.0.2 to 41.0.4. Changelog Sourced from cryptography's changelog. 41.0.4 - 2023-09-19 * Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.1.3. .. _v41-0-3: 41.0.3...

dependabot[bot] avatar dependabot[bot]

dependencies

Settings_import python "fixes"

Small items brought up by static analysis (SonarCloud) Remove Try / Except. Validate timezones.

gavinelder avatar gavinelder

Implement AWS IAM-based Authentication to RDS Postgres

This feature will allow Crypt to perform password-less auth against its RDS datastore via AWS IAM. Since this is _exactly_ the same thing (exact same code and all) that I...

ChefAustin avatar ChefAustin

Black Linter Update + Formatting Fix

Hi, I updated Black to resolve [Regular Expression Denial of Service (ReDoS)](https://learn.snyk.io/lesson/redos/?loc=fix-pr) vulnerability. This required updating the formatting of a few files to pass linting since it would throw: ```...

tylerwhardy avatar tylerwhardy

Cross Site Scripting Vulnerability in SAML Auth Flow

3 comment

In the saml2/login endpoint when using 3rd party SSO, the idp parameter is vulnerable to cross-site scripting injection due to insufficient input sanitization. Proof of Concept: Visit the URL endpoint...

tylerwhardy avatar tylerwhardy

Snyk fix f83e2319f63a812f2483f6c46f230f1a

2 comment

Security Fix PR Snyk and manual analysis has created this pull request to fix 4 high-severity vulnerabilities found in the Dockerfile dependencies for this project. Keeping your Docker base image...

tylerwhardy avatar tylerwhardy

Bump gunicorn from 22.0.0 to 23.0.0 in /setup in the pip group across 1 directory

Bumps the pip group with 1 update in the /setup directory: [gunicorn](https://github.com/benoitc/gunicorn). Updates `gunicorn` from 22.0.0 to 23.0.0 Release notes Sourced from gunicorn's releases. 23.0.0 Gunicorn 23.0.0 has been released....

dependabot[bot] avatar dependabot[bot]

dependencies
python

bump asgiref to 3.6.0

encountered an error when building with the updated django which was committed. in order to get it to build, i bumped asgiref to 3.6.0. not sure if we should go...

sphen13 avatar sphen13

Metadata

119
Stars
43
Forks
Watchers

Owner

verified publisher icon grahamgilbert

Metadata

A Django webapp to escrow filevault keys sent by the Crypt client app.

Back