Jan Böhmer
a46f1713fe
Use the correct yarn urls
2026-06-21 15:52:52 +02:00
Jan Böhmer
22f23d9c82
Upgraded jquery to 4.0.0
2026-06-21 15:51:22 +02:00
Jan Böhmer
b4cf5b57fa
Translate Swal buttons
2026-06-21 15:10:39 +02:00
Jan Böhmer
3491559e9f
Migrated register_events from jquery to native JS
2026-06-21 14:52:30 +02:00
Jan Böhmer
b83fc73e18
Remove jquery command from error_handler.js
2026-06-21 14:46:15 +02:00
Jan Böhmer
8c88df4ecf
Use upstream version of dataTables.select as the fix was merged
2026-06-21 14:41:56 +02:00
Jan Böhmer
176d5ad2b6
Improved page load error dialog
...
We now show a more user friendly message
2026-06-21 14:37:40 +02:00
Jan Böhmer
99e56c4b1d
Moved alerts and dialogs from unsupported bootbox to Sweetalert2 library
2026-06-21 14:21:01 +02:00
Jan Böhmer
a489380f49
Merge remote-tracking branch 'origin/master'
2026-06-21 12:49:06 +02:00
Jan Böhmer
9127bcf25e
Added it and pl translations for password estimator, use lvenshtein distance and block partdb word
2026-06-21 12:49:00 +02:00
Jan Böhmer
c3af73daae
Use dictonaries for german and english words for password estimator
2026-06-21 12:37:31 +02:00
Jan Böhmer
7e90f6d707
Updated password strenght estimator to latest version and show crack time estimate as tooltip
2026-06-21 12:33:30 +02:00
Jan Böhmer
a793bc32c7
Update KiCad symbols and footprints lists ( #1411 )
...
Build assets artifact / Build assets artifact (push) Waiting to run
Docker Image Build / build (linux/amd64, amd64, ubuntu-latest) (push) Waiting to run
Docker Image Build / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Waiting to run
Docker Image Build / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Waiting to run
Docker Image Build / merge (push) Blocked by required conditions
Docker Image Build (FrankenPHP) / build (linux/amd64, amd64, ubuntu-latest) (push) Waiting to run
Docker Image Build (FrankenPHP) / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Waiting to run
Docker Image Build (FrankenPHP) / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Waiting to run
Docker Image Build (FrankenPHP) / merge (push) Blocked by required conditions
Static analysis / Static analysis (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, mysql) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, mysql) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, mysql) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, mysql) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, postgres) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, postgres) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, postgres) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, postgres) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, sqlite) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, sqlite) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, sqlite) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, sqlite) (push) Waiting to run
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-06-20 23:59:22 +02:00
Jan Böhmer
e642dbe060
Bumped to version 2.12.3
2026-06-20 23:51:51 +02:00
Jan Böhmer
8ba3139617
Updated dependencies
2026-06-20 23:49:22 +02:00
Jan Böhmer
b62f47ba05
Set CSP policy for static assets for security hardeninng
2026-06-20 23:42:01 +02:00
Jan Böhmer
0cd83f0322
Set strict CSP policies when serving files from the attachment endpoints
2026-06-20 23:02:55 +02:00
Jan Böhmer
02726fdf69
Sanatize SVG files, even when they try to hide themselves with a different extension
2026-06-17 22:38:41 +02:00
dependabot[bot]
98df91d785
Bump codecov/codecov-action from 6 to 7 ( #1407 )
...
Build assets artifact / Build assets artifact (push) Has been cancelled
Docker Image Build / build (linux/amd64, amd64, ubuntu-latest) (push) Has been cancelled
Docker Image Build / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/amd64, amd64, ubuntu-latest) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Has been cancelled
Static analysis / Static analysis (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, sqlite) (push) Has been cancelled
Docker Image Build / merge (push) Has been cancelled
Docker Image Build (FrankenPHP) / merge (push) Has been cancelled
Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action ) from 6 to 7.
- [Release notes](https://github.com/codecov/codecov-action/releases )
- [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md )
- [Commits](https://github.com/codecov/codecov-action/compare/v6...v7 )
---
updated-dependencies:
- dependency-name: codecov/codecov-action
dependency-version: '7'
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2026-06-14 23:22:04 +02:00
Jan Böhmer
bffb2c1d70
Bumped versionnn to 2.12.2
2026-06-14 23:21:36 +02:00
Jan Böhmer
d44ce85d89
Merge branch 'fix_deprecations'
2026-06-14 23:20:08 +02:00
Jan Böhmer
12f4a3606e
Remove deprecation logging by default and added env to reenable it again
...
The files can easily get quite large and probably also not good for performance. This fixes issue #1405
2026-06-14 23:19:59 +02:00
d-buchmann
192c5fcaa3
Update hide_sidebar_controller.js ( #1404 )
...
With this fix, the sidebar state is reapplied correctly on page reload.
2026-06-14 22:52:08 +02:00
d-buchmann
63d507b2f3
Update StorageLocation.php ( #1403 )
...
fixes #1398
2026-06-14 22:48:58 +02:00
Jan Böhmer
ef7e6d6f3b
Fixed MYSQL_ATTR_INIT_COMMAND deprecation
2026-06-14 22:44:17 +02:00
Jan Böhmer
350e5a0245
Fixed deprecationn in TreeController
2026-06-14 22:40:23 +02:00
Jan Böhmer
704f7e7645
Update KiCad symbols and footprints lists ( #1402 )
...
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-06-14 22:32:31 +02:00
Jan Böhmer
589f420b79
Updated dependencies
2026-06-14 22:19:43 +02:00
Jan Böhmer
dfbdac7688
Avoid using render in datatables, as it require escaping
...
This commit also fixes an XSS vulnerability in IPN project bom
2026-06-14 22:16:00 +02:00
Jan Böhmer
11b41ee66a
Hardened against potential XSS injection in table columns
2026-06-14 12:08:25 +02:00
Jan Böhmer
c9dd27712c
Fixed stored XSS vulnerability in BOM Validation Service
2026-06-14 11:55:16 +02:00
Jan Böhmer
8421636b1c
Use HTML sanatizer to harden HTML rendering on log_details page
...
Should be more safe than use |raw directly and for these smalls things performance hit is zero.
2026-06-10 23:43:07 +02:00
Jan Böhmer
b357ee196c
Avoid usage of raw filter in javascript to minimize risk
2026-06-10 23:37:57 +02:00
Jan Böhmer
0c5f8dc9fd
Updated dependencies
2026-06-10 23:37:22 +02:00
Jan Böhmer
57a0dfdbdb
Fixed phpstan issue
Build assets artifact / Build assets artifact (push) Has been cancelled
Docker Image Build / build (linux/amd64, amd64, ubuntu-latest) (push) Has been cancelled
Docker Image Build / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/amd64, amd64, ubuntu-latest) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Has been cancelled
Static analysis / Static analysis (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, sqlite) (push) Has been cancelled
Docker Image Build / merge (push) Has been cancelled
Docker Image Build (FrankenPHP) / merge (push) Has been cancelled
2026-06-07 22:49:41 +02:00
Jan Böhmer
61dcc99597
New Crowdin updates ( #1383 )
...
* New translations messages.en.xlf (German)
[ci skip]
* New translations messages.en.xlf (German)
[ci skip]
* New translations messages.en.xlf (German)
[ci skip]
* New translations messages.en.xlf (English)
[ci skip]
* New translations messages.en.xlf (German)
[ci skip]
* New translations messages.en.xlf (English)
[ci skip]
2026-06-07 22:47:22 +02:00
Jan Böhmer
cf8826a906
Bumped version to 2.12.1
2026-06-07 22:43:33 +02:00
Jan Böhmer
4b00541dd6
Improved APP_SECRET warning message
2026-06-07 22:43:06 +02:00
Jan Böhmer
93ab410857
Added documentation about changing the APP_SECRET env on installation
2026-06-07 22:37:47 +02:00
Jan Böhmer
cb28afcdf5
Moved APP_SECRET value to the top of .env
2026-06-07 22:28:29 +02:00
Jan Böhmer
f888e10827
Show a warning if using the default APP_SECRET value
2026-06-07 22:26:45 +02:00
Jan Böhmer
c229208bd5
Rename phar files on upload
Build assets artifact / Build assets artifact (push) Waiting to run
Docker Image Build / build (linux/amd64, amd64, ubuntu-latest) (push) Waiting to run
Docker Image Build / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Waiting to run
Docker Image Build / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Waiting to run
Docker Image Build / merge (push) Blocked by required conditions
Docker Image Build (FrankenPHP) / build (linux/amd64, amd64, ubuntu-latest) (push) Waiting to run
Docker Image Build (FrankenPHP) / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Waiting to run
Docker Image Build (FrankenPHP) / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Waiting to run
Docker Image Build (FrankenPHP) / merge (push) Blocked by required conditions
Static analysis / Static analysis (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, mysql) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, mysql) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, mysql) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, mysql) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, postgres) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, postgres) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, postgres) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, postgres) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, sqlite) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, sqlite) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, sqlite) (push) Waiting to run
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, sqlite) (push) Waiting to run
2026-06-07 20:45:43 +02:00
Jan Böhmer
6e5d1c967f
Block access to all php and phar files that are uploaded into the media folder
2026-06-07 20:40:15 +02:00
tonghuaroot
c2ec0ee12b
Escape user-controlled element/collection names in CollectionElementDeleted log rendering
...
LogEntryExtraFormatter::getInternalFormat() escapes user-controlled
strings with htmlspecialchars() in every branch except the
CollectionElementDeleted one, which interpolates getOldName() and
getCollectionName() into the returned HTML unescaped. That string is
rendered as raw HTML by LogEntryExtraColumn in the activity-log and
element-history DataTables, so a name set on a deleted sub-element
(parameter/attachment/lot/orderdetail) by a low-privileged editor is
parsed as live markup in a log viewer's browser (stored XSS / HTML
injection).
Wrap both values in htmlspecialchars(), matching the sibling branches
(e.g. ElementDeletedLogEntry at the old_name line).
2026-06-07 18:04:40 +02:00
Jan Böhmer
6ae4381551
Fixed phpstan issues
2026-06-07 14:11:53 +02:00
Jan Böhmer
e018e1d821
Merge remote-tracking branch 'origin/master'
2026-06-07 14:08:48 +02:00
Jan Böhmer
4b6a3ba72b
Updated dependencies
2026-06-07 14:08:46 +02:00
Jan Böhmer
c547500031
Update KiCad symbols and footprints lists ( #1395 )
...
Co-authored-by: github-actions[bot] <github-actions[bot]@users.noreply.github.com>
2026-06-07 14:08:00 +02:00
Jan Böhmer
4b119490ca
Updated depdencies
Build assets artifact / Build assets artifact (push) Has been cancelled
Docker Image Build / build (linux/amd64, amd64, ubuntu-latest) (push) Has been cancelled
Docker Image Build / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/amd64, amd64, ubuntu-latest) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Has been cancelled
Static analysis / Static analysis (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, sqlite) (push) Has been cancelled
Docker Image Build / merge (push) Has been cancelled
Docker Image Build (FrankenPHP) / merge (push) Has been cancelled
2026-06-03 22:49:22 +02:00
Jan Böhmer
e8af0e9b4f
Bumped version to 2.12.0
Build assets artifact / Build assets artifact (push) Has been cancelled
Docker Image Build / build (linux/amd64, amd64, ubuntu-latest) (push) Has been cancelled
Docker Image Build / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/amd64, amd64, ubuntu-latest) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/arm/v7, armv7, ubuntu-24.04-arm) (push) Has been cancelled
Docker Image Build (FrankenPHP) / build (linux/arm64, arm64, ubuntu-24.04-arm) (push) Has been cancelled
Static analysis / Static analysis (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, mysql) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, postgres) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.2, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.3, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.4, sqlite) (push) Has been cancelled
PHPUnit Tests / PHPUnit and coverage Test (PHP 8.5, sqlite) (push) Has been cancelled
Docker Image Build / merge (push) Has been cancelled
Docker Image Build (FrankenPHP) / merge (push) Has been cancelled
2026-05-25 22:45:19 +02:00
