8000
Skip to content

fix(core): Upgrade tournament to address some XSS vulnerabilities#10277

Merged
netroy merged 1 commit intomasterfrom
upgrade-tournament
Aug 1, 2024
Merged

fix(core): Upgrade tournament to address some XSS vulnerabilities#10277
netroy merged 1 commit intomasterfrom
upgrade-tournament

Conversation

@netroy
Copy link
Copy Markdown
Contributor
@netroy netroy commented Aug 1, 2024

Summary

Related PRs:

Related Linear tickets, Github issues, and Community forum posts

https://linear.app/n8n/issue/SEC-58
https://linear.app/n8n/issue/SEC-60

Review / Merge checklist

  • PR title and summary are descriptive

@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team labels Aug 1, 2024
@cypress
Copy link
Copy Markdown
cypress bot commented Aug 1, 2024


Test summary

390 0 0 0Flakiness 0

Run details
Project n8n
Status Passed
Commit 00ff299
Started Aug 1, 2024 3:14 PM
Ended Aug 1, 2024 3:19 PM
Duration 04:48 💡
OS Linux Debian -
Browser Electron 118

View run in Cypress Cloud ➡️

This comment has been generated by cypress-bot as a result of this project's GitHub integration settings. You can manage this integration in this project's settings in the Cypress Cloud

@github-actions
Copy link
Copy Markdown
Contributor
github-actions bot commented Aug 1, 2024

✅ All Cypress E2E specs passed

@netroy netroy merged commit 43ae159 into master Aug 1, 2024
@netroy netroy deleted the upgrade-tournament branch August 1, 2024 15:19
despairblue pushed a commit that referenced this pull request Aug 2, 2024
@netroy @despairblue
fix(core): Upgrade tournament to address some XSS vulnerabilities (#1…
887ed17 
…0277)
@github-actions github-actions bot mentioned this pull request Aug 2, 2024
Merged
@janober
Copy link
Copy Markdown
Member
janober commented Aug 2, 2024

Got released with n8n@1.53.1

MiloradFilipovic added a commit that referenced this pull request Aug 2, 2024
@MiloradFilipovic
Merge branch 'master' into ask-assistant
1bbbc81 
* master:
  refactor(core): Clean up event relays (no-changelog) (#10284)
  fix(editor): Fix execution retry button (#10275)
  feat(core): Show sub-node error on the logs pane. Open logs pane on sub-node error (#10248)
  refactor(core): Move instanceRole to InstanceSettings (no-changelog) (#10242)
  feat(core): Allow filtering executions and users by project in Public API  (#10250)
  fix(core): Make execution and its data creation atomic (#10276)
  refactor(core): Mark schema env vars used by cloud hooks (no-changelog) (#10283)
  ci: Fix DB tests (no-changelog) (#10282)
  feat(core): Support create, delete, edit role for users in Public API (#10279)
  refactor(core): Decouple post workflow execute event from internal hooks (no-changelog) (#10280)
  feat(core): Allow transferring credentials in Public API (#10259)
  feat(core): Support create, read, update, delete projects in Public API (#10269)
  ci: Introduce lint rule `no-type-unsafe-event-emitter` (no-changelog) (#10254)
  fix(core): Surface enterprise trial error message (#10267)
  fix(editor): Enable moving resources only if team projects are available by the license (#10271)
  fix(core): Upgrade tournament to address some XSS vulnerabilities (#10277)

# Conflicts:
#	packages/cli/src/Server.ts
@github-actions github-actions bot mentioned this pull request Aug 7, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@valya valya valya approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team Released security

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@netroy @janober @valya
0