dubey/foldsite
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 6 Wiki Activity

6 Releases 6 Tags

RSS Feed
  • v1.0.2 2adde253c9

    Multi-File Upload
    All checks were successful
    Release / build (push) Successful in 34s
    Details
    Release / publish_head (push) Successful in 33s
    Details
    Datadog Software Composition Analysis / Datadog SBOM Generation and Upload (push) Successful in 15s
    Details
    Datadog Secrets Scanning / Datadog Static Analyzer (push) Successful in 10s
    Details
    Datadog Static Analysis / Datadog Static Analyzer (push) Successful in 20s
    Details
    Release / publish_head (release) Has been skipped
    Details
    Release / build (release) Successful in 37s
    Details
    Stable

    dubey released this 2025-03-16 21:23:09 -04:00 | 18 commits to main since this release

    Admin panel supports multi-file upload

    Downloads
  • v1.0.1 744693a5f1

    [Security] Update to Jinja2 and related packages
    All checks were successful
    Release / build (push) Successful in 37s
    Details
    Release / publish_head (push) Successful in 34s
    Details
    Datadog Secrets Scanning / Datadog Static Analyzer (push) Successful in 10s
    Details
    Datadog Software Composition Analysis / Datadog SBOM Generation and Upload (push) Successful in 15s
    Details
    Datadog Static Analysis / Datadog Static Analyzer (push) Successful in 20s
    Details
    Release / publish_head (release) Has been skipped
    Details
    Release / build (release) Successful in 36s
    Details
    Stable

    dubey released this 2025-03-16 13:13:12 -04:00 | 19 commits to main since this release

    Update Jinja2 to resolve GHSA-cpwx-vrp4-4pq7

    TLDR:

    An oversight in how the Jinja sandboxed environment interacts with the |attr filter allows an attacker that controls the content of a template to execute arbitrary Python code.

To exploit the vulnerability, an attacker needs to control the content of a template. Whether that is the case depends on the type of application using Jinja. This vulnerability impacts users of applications which execute untrusted templates.

Jinja's sandbox does catch calls to str.format and ensures they don't escape the sandbox. However, it's possible to use the |attr filter to get a reference to a string's plain format method, bypassing the sandbox. After the fix, the |attr filter no longer bypasses the environment's attribute lookup.

    Docker images are available at:

    git.dws.rip/dubey/foldsite:1.0.1@sha256:8b71c245f5ad1f8d590b8836617b24af01637aa3df5e85858d1e9bf67373252a
git.dws.rip/dubey/foldsite:1.0@sha256:8b71c245f5ad1f8d590b8836617b24af01637aa3df5e85858d1e9bf67373252a
git.dws.rip/dubey/foldsite:sha-744693a5f153e551f9c3629d2fa12b890a268e0d@sha256:8b71c245f5ad1f8d590b8836617b24af01637aa3df5e85858d1e9bf67373252a
git.dws.rip/dubey/foldsite:latest@sha256:8b71c245f5ad1f8d590b8836617b24af01637aa3df5e85858d1e9bf67373252a
    Downloads
  • v1.0.0 fc211edc77

    Initial Release
    All checks were successful
    Datadog Secrets Scanning / Datadog Static Analyzer (push) Successful in 9s
    Details
    Datadog Software Composition Analysis / Datadog SBOM Generation and Upload (push) Successful in 15s
    Details
    Datadog Static Analysis / Datadog Static Analyzer (push) Successful in 19s
    Details
    Release / build (release) Successful in 39s
    Details
    Stable

    dubey released this 2025-03-15 15:57:08 -04:00 | 27 commits to main since this release

    Thanks for using foldsite! It should be mostly production ready.

    Available docker tags are:

    git.dws.rip/dubey/foldsite:1.0.0@sha256:5028fc03de0784bdf188cb61834a0ad78d2832e99dc380615692a9fc6525d117
git.dws.rip/dubey/foldsite:1.0.0@sha256:5028fc03de0784bdf188cb61834a0ad78d2832e99dc380615692a9fc6525d117
git.dws.rip/dubey/foldsite:1.0@sha256:5028fc03de0784bdf188cb61834a0ad78d2832e99dc380615692a9fc6525d117
git.dws.rip/dubey/foldsite:sha-fc211edc7798d7b88c3b0276edce42e402134a69@sha256:5028fc03de0784bdf188cb61834a0ad78d2832e99dc380615692a9fc6525d117
git.dws.rip/dubey/foldsite:latest@sha256:5028fc03de0784bdf188cb61834a0ad78d2832e99dc380615692a9fc6525d117
    Downloads
  • v0.3.0 df0610284d

    CI Test Release 3
    All checks were successful
    Datadog Secrets Scanning / Datadog Static Analyzer (push) Successful in 9s
    Details
    Datadog Software Composition Analysis / Datadog SBOM Generation and Upload (push) Successful in 16s
    Details
    Datadog Static Analysis / Datadog Static Analyzer (push) Successful in 20s
    Details
    Release / build (release) Successful in 37s
    Details
    Stable

    dubey released this 2025-03-15 15:12:41 -04:00 | 28 commits to main since this release

    Testing "v" format

    Downloads
  • 0.2.0 df0610284d

    CI Test Release 2
    All checks were successful
    Datadog Secrets Scanning / Datadog Static Analyzer (push) Successful in 9s
    Details
    Datadog Software Composition Analysis / Datadog SBOM Generation and Upload (push) Successful in 16s
    Details
    Datadog Static Analysis / Datadog Static Analyzer (push) Successful in 20s
    Details
    Release / build (release) Successful in 37s
    Details
    Stable

    dubey released this 2025-03-14 22:47:42 -04:00 | 28 commits to main since this release

    Docker version test

    Downloads
  • 0.1.0 4a7fbff353

    CI Test Release 1
    All checks were successful
    Datadog Secrets Scanning / Datadog Static Analyzer (push) Successful in 10s
    Details
    Datadog Software Composition Analysis / Datadog SBOM Generation and Upload (push) Successful in 15s
    Details
    Datadog Static Analysis / Datadog Static Analyzer (push) Successful in 20s
    Details
    Release / build (release) Successful in 1m40s
    Details
    Stable

    dubey released this 2025-03-14 22:39:14 -04:00 | 29 commits to main since this release

    First release testing Git builds!

    Downloads