Cutlery/caddy
1
0
Fork 0
mirror of https://github.com/caddyserver/caddy.git synced 2026-06-05 13:35:19 -04:00
Code Issues Actions 6 Packages Projects Releases Wiki Activity
Files
v2.11.4
caddy/modules
T
History
JM Sanchez e2eee6a7fc
Tests / test (s390x on IBM Z) (push) Has been skipped
Details
Tests / goreleaser-check (push) Has been skipped
Details
Cross-Build / build (~1.26.0, 1.26, aix) (push) Successful in 2m48s
Details
Cross-Build / build (~1.26.0, 1.26, darwin) (push) Successful in 2m47s
Details
Tests / test (./cmd/caddy/caddy, ~1.26.0, ubuntu-latest, 0, 1.26, linux) (push) Failing after 3m14s
Details
Cross-Build / build (~1.26.0, 1.26, dragonfly) (push) Successful in 1m31s
Details
Cross-Build / build (~1.26.0, 1.26, freebsd) (push) Successful in 1m44s
Details
Cross-Build / build (~1.26.0, 1.26, illumos) (push) Successful in 1m58s
Details
Cross-Build / build (~1.26.0, 1.26, linux) (push) Successful in 1m31s
Details
Cross-Build / build (~1.26.0, 1.26, netbsd) (push) Successful in 1m40s
Details
Cross-Build / build (~1.26.0, 1.26, openbsd) (push) Successful in 2m5s
Details
Cross-Build / build (~1.26.0, 1.26, solaris) (push) Successful in 1m31s
Details
Cross-Build / build (~1.26.0, 1.26, windows) (push) Successful in 1m46s
Details
Lint / govulncheck (push) Successful in 1m33s
Details
Lint / dependency-review (push) Failing after 1m2s
Details
Lint / lint (ubuntu-latest, linux) (push) Successful in 2m54s
Details
OpenSSF Scorecard supply-chain security / Scorecard analysis (push) Failing after 5m49s
Details
Tests / test (./cmd/caddy/caddy, ~1.26.0, macos-14, 0, 1.26, mac) (push) Has been cancelled
Details
Tests / test (./cmd/caddy/caddy.exe, ~1.26.0, windows-latest, True, 1.26, windows) (push) Has been cancelled
Details
Lint / lint (macos-14, mac) (push) Has been cancelled
Details
Lint / lint (windows-latest, windows) (push) Has been cancelled
Details
templates: Patch for GHSA-vcc4-2c75-vc9v (#7785) 
* Patch GHSA-vcc4-2c75-vc9v in stripHTML

templates: fix funcStripHTML bypass via depth counter

The previous false-start approach allowed XSS bypass via inputs like <<>img src=x onerror=alert(1)> and failed on stacked angle brackets.

Replace the tagStart/inTag state machine with a depth counter that mirrors PHP strip_tags behaviour: each '<' increments depth, each '>' decrements it, and text is only emitted at depth zero. Quoted attribute values (both single and double) are tracked so '>' inside href values does not prematurely close a tag.

Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com>

* Update tplcontext_test.go

Templates: expand TestStripHTML with attack path coverage

Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com>

---------

Signed-off-by: JM Sanchez <77505889+jmrcsnchz@users.noreply.github.com>
2026-06-01 13:35:02 -06:00
..
caddyevents
refactor: replace HasPrefix+TrimPrefix with CutPrefix (#7095)
2025-06-27 22:04:09 +03:00
caddyfs
events: Refactor; move Event into core, so core can emit events (#6930)
2025-03-29 08:15:43 -06:00
caddyhttp
templates: Patch for GHSA-vcc4-2c75-vc9v (#7785)
2026-06-01 13:35:02 -06:00
caddypki
tls: Add tls_resolvers global option for DNS challenge configuration (#7297)
2026-03-01 15:32:04 -05:00
caddytls
caddytls: skip idna.ToASCII for pure ASCII SNI values (#7770)
2026-05-28 11:18:09 +10:00
filestorage
caddyfile: Normalize & flatten all unmarshalers (#6037)
2024-01-23 19:36:59 -05:00
internal/network
core: add modular network_proxy support (#6399)
2025-03-21 17:06:15 +00:00
logging
chore: clean up wording and typo fixes (#7745)
2026-05-20 16:36:30 +10:00
metrics
metrics: scope metrics to active config, add optional per-host metrics (#6531)
2024-10-02 08:23:26 -06:00
standard
filesystem: Globally declared filesystems, fs directive (#5833)
2024-01-13 20:12:43 +00:00