From 85243e5284e94222769966f560cff6b605bbdb4d Mon Sep 17 00:00:00 2001
From: Nicolas Giard
Date: Tue, 11 Feb 2025 20:46:07 -0500
Subject: [PATCH 1/8] docs: Update SECURITY.md
---
 SECURITY.md | 8 +-------
 1 file changed, 1 insertion(+), 7 deletions(-)
diff --git a/SECURITY.md b/SECURITY.md
index a68b8b9f..0f6a1e66 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -15,13 +15,7 @@ If you find such vulnerability, it's important to disclose it in a quick and sec
 
 **DO NOT CREATE A GITHUB ISSUE / DISCUSSION** to report a potential vulnerability / security problem. Instead, choose one of these options:
 
-### A) Submit a Vulnerability Report *(recommended)*
-
-Fill in the form on https://github.com/requarks/wiki/security/advisories/new
-
-### B) Send an email
-
-Send an email to security@requarks.io.
+Submit a Vulnerability Report by filling in the form on https://github.com/requarks/wiki/security/advisories/new
 
 Include as much details as possible, such as:
 - The version(s) of Wiki.js that are impacted
From 78c41e36e121b10342288e3606f54da4d6899004 Mon Sep 17 00:00:00 2001
From: Nicolas Giard
Date: Sun, 23 Mar 2025 21:31:22 -0400
Subject: [PATCH 2/8] fix: use xml-crypto 2.1.6 for passport-saml
---
 package.json | 3 ++-
 yarn.lock | 15 ++++++++++-----
 2 files changed, 12 insertions(+), 6 deletions(-)
diff --git a/package.json b/package.json
index 458a6d78..64c1c4d5 100644
--- a/package.json
+++ b/package.json
@@ -337,7 +337,8 @@
 },
 "resolutions": {
 "apollo-server-express/**/graphql-tools": "4.0.8",
- "graphql": "15.3.0"
+ "graphql": "15.3.0",
+ "passport-saml/**/xml-crypto": "2.1.6"
 },
 "browserslist": [
 "> 1%",
diff --git a/yarn.lock b/yarn.lock
index b311d052..17e8fbd5 100644
--- a/yarn.lock
+++ b/yarn.lock
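Review bot: The new `resolutions` entry `"passport-saml/**/xml-crypto": "2.1.6"` in the package.json hunk is an exact pin with nothing recording why it exists. xml-crypto is the library that checks XML signatures for SAML, so this override sits on the authentication path; since package.json cannot carry a comment, the commit body should name the advisory or upstream issue it addresses, for example a trailer such as `Refs: <advisory-id>`. Because the pin is exact, later 2.1.x fixes will not be picked up automatically, so the entry should be revisited and removed once passport-saml itself requires a fixed xml-crypto. The yarn.lock hunks of the same commit show `xml-crypto@^2.1.3` also resolving to 2.1.6, so a single copy ends up installed.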
@@ -4360,6 +4360,11 @@ resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.7.7.tgz#16bd8a4e5c953018b8168e5d0a7d26b117cd7fa9" integrity sha512-RwEdIYho2kjbSZ7fpvhkHy5wk1Y3x0O6e/EHL3/SoiAfFWH+yhV2/XZQvsBoAeGRNFwgScJS/gRZv+uIwoj7yA== +"@xmldom/xmldom@^0.7.9": + version "0.7.13" + resolved "https://registry.yarnpkg.com/@xmldom/xmldom/-/xmldom-0.7.13.tgz#ff34942667a4e19a9f4a0996a76814daac364cf3" + integrity sha512-lm2GW5PkosIzccsaZIz7tp8cPADSIlIHWDFTR1N0SzfinhhYgeIQjFMz4rYzanCScr3DqQLeomUDArp6MWKm+g== + "@xtuc/ieee754@^1.2.0": version "1.2.0" resolved "https://registry.yarnpkg.com/@xtuc/ieee754/-/ieee754-1.2.0.tgz#eef014a3145ae477a1cbc00cd1e552336dceb790" @@ -20635,12 +20640,12 @@ ws@^7.2.3: resolved "https://registry.yarnpkg.com/ws/-/ws-7.2.5.tgz#abb1370d4626a5a9cd79d8de404aa18b3465d10d" integrity sha512-C34cIU4+DB2vMyAbmEKossWq2ZQDr6QEyuuCzWrM9zfw1sGc0mYiJ0UnG9zzNykt49C2Fi34hvr2vssFQRS6EA== -xml-crypto@^2.1.3: - version "2.1.3" - resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-2.1.3.tgz#6a7272b610ea3e4ea7f13e9e4876f1b20cbc32c8" - integrity sha512-MpXZwnn9JK0mNPZ5mnFIbNnQa+8lMGK4NtnX2FlJMfMWR60sJdFO9X72yO6ji068pxixzk53O7x0/iSKh6IhyQ== +xml-crypto@2.1.6, xml-crypto@^2.1.3: + version "2.1.6" + resolved "https://registry.yarnpkg.com/xml-crypto/-/xml-crypto-2.1.6.tgz#c51a016cc8391fc1d9ebd9abc589e4c08b62d652" + integrity sha512-jjvpO8vHNV8QFhW5bMypP+k4BjBqHe/HrpIwpPcdUnUTIJakSIuN96o3Sdah4tKu2z64kM/JHEH8iEHGCc6Gyw== dependencies: - "@xmldom/xmldom" "^0.7.0" + "@xmldom/xmldom" "^0.7.9" xpath "0.0.32" xml-encryption@^2.0.0: From a393f5f9bcab56590d03bd886ce8e05f05a64b89 Mon Sep 17 00:00:00 2001 From: Nicolas Giard Date: Mon, 31 Mar 2025 03:50:08 -0400 Subject: [PATCH 3/8] docs: Update README.md --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index b4206a88..78cbe5bf 100644 --- a/README.md +++ b/README.md 
@@ -14,7 +14,6 @@
 [![Downloads](https://img.shields.io/github/downloads/Requarks/wiki/total.svg?style=flat&logo=github)](https://github.com/Requarks/wiki/releases)
 [![Docker Pulls](https://img.shields.io/docker/pulls/requarks/wiki.svg?logo=docker&logoColor=white)](https://hub.docker.com/r/requarks/wiki/)
 [![Chat on Discord](https://img.shields.io/badge/discord-join-8D96F6.svg?style=flat&logo=discord&logoColor=white)](https://discord.gg/rcxt9QS2jd)
-[![Chat on Slack](https://img.shields.io/badge/slack-requarks-CC2B5E.svg?style=flat&logo=slack)](https://wiki.requarks.io/slack)
 [![Follow on Bluesky](https://img.shields.io/badge/bluesky-%40js.wiki-blue.svg?style=flat&logo=bluesky&logoColor=white)](https://bsky.app/profile/js.wiki)
 [![Follow on Telegram](https://img.shields.io/badge/telegram-%40wiki__js-blue.svg?style=flat&logo=telegram)](https://t.me/wiki_js)
 [![Reddit](https://img.shields.io/badge/reddit-%2Fr%2Fwikijs-orange?logo=reddit&logoColor=white)](https://www.reddit.com/r/wikijs/)
From 7053819f358802091c5f49bef5b38a7b32714140 Mon Sep 17 00:00:00 2001
From: Nicolas Giard
Date: Mon, 31 Mar 2025 03:52:26 -0400
Subject: [PATCH 4/8] docs: Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 78cbe5bf..5a25b9c2 100644
--- a/README.md
+++ b/README.md
@@ -29,7 +29,7 @@
 - [Demo](https://docs.requarks.io/demo)
 - [Changelog](https://github.com/requarks/wiki/releases)
 - [Feature Requests](https://feedback.js.wiki/wiki)
-- Chat with us on [Discord](https://discord.gg/rcxt9QS2jd) / [Slack](https://wiki.requarks.io/slack)
+- Chat with us on [Discord](https://discord.gg/rcxt9QS2jd)
 - [Translations](https://docs.requarks.io/dev/translations) *(We need your help!)*
 - [E2E Testing Results](https://dashboard.cypress.io/projects/r7qxah/runs)
 - [Special Thanks](#special-thanks)
From 9bf9c8af4790051bf9563c4c68d2939ad39d5cdc Mon Sep 17 00:00:00 2001
From: Nicolas Giard
Date: Mon, 31 Mar 2025 03:55:18 -0400
Subject: [PATCH 5/8] ci: Update build.yml
---
 .github/workflows/build.yml | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 05b2e1fe..8c0d613c 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -358,16 +358,16 @@ jobs:
 token: ${{ github.token }}
 artifacts: 'drop/wiki-js.tar.gz,drop-win/wiki-js-windows.tar.gz'
 
- - name: Notify Slack Releases Channel
- uses: slackapi/slack-github-action@v1.26.0
- with:
- payload: |
- {
- "text": "Wiki.js ${{ github.ref_name }} has been released."
- }
- env:
- SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
- SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
+ # - name: Notify Slack Releases Channel
+ # uses: slackapi/slack-github-action@v1.26.0
+ # with:
+ # payload: |
+ # {
+ # "text": "Wiki.js ${{ github.ref_name }} has been released."
+ # }
+ # env:
+ # SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+ # SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK
 
 - name: Notify Telegram Channel
 uses: appleboy/telegram-action@v0.1.1
From 41d3ba4312fa51f48f61f414599f39bb4fc92d01 Mon Sep 17 00:00:00 2001
From: Nadia Santalla
Date: Mon, 7 Apr 2025 15:19:29 +0200
Subject: [PATCH 6/8] chore(helm): render external database URL if it is set (#7036)
---
 dev/helm/templates/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/dev/helm/templates/deployment.yaml b/dev/helm/templates/deployment.yaml
index e6dc786b..4a7e3b8a 100644
--- a/dev/helm/templates/deployment.yaml
+++ b/dev/helm/templates/deployment.yaml
@@ -51,7 +51,7 @@ spec:
 {{- end }}
 - name: DB_TYPE
 value: postgres
- {{- if (.Values.externalPostgresql).databaseURL }}
+ {{- if and .Values.externalPostgresql .Values.externalPostgresql.databaseURL }}
 - name: DATABASE_URL
 value: {{ .Values.externalPostgresql.databaseURL }}
 - name: NODE_TLS_REJECT_UNAUTHORIZED
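Review bot: The Slack notification step in build.yml is commented out rather than deleted, which leaves ten lines of dead YAML in the release job, including the `${{ secrets.SLACK_WEBHOOK_URL }}` reference. Deleting the step keeps the workflow readable, and git history preserves it if it is needed again. If nothing else in the repository uses the `SLACK_WEBHOOK_URL` secret (not visible from this hunk), it should also be removed from the repository secrets and the webhook revoked on the Slack side, so an unused credential is not left behind. The job continues outside the hunk.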
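Review bot: In deployment.yaml the new guard `if and .Values.externalPostgresql .Values.externalPostgresql.databaseURL` only protects against a missing `externalPostgresql` map if `and` short-circuits, which Go templates do from Go 1.18 on; with a Helm binary built on an older Go the second argument is still evaluated and rendering would fail on a nil map. The chart should state the minimum Helm version it expects, or use a nested `with`/`if` instead. Separately, the branch this condition enables renders the URL unquoted as a literal env `value:`; a PostgreSQL URL normally embeds the password, so anyone who can read the Deployment can read it, and `valueFrom.secretKeyRef` (or at minimum `{{ .Values.externalPostgresql.databaseURL | quote }}`) would be safer. The `NODE_TLS_REJECT_UNAUTHORIZED` entry that follows is cut off by the hunk; its value is worth checking, since turning certificate verification off would leave the database connection unauthenticated.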
From d96bbaf42c792f26559540e609b859fa038766ce Mon Sep 17 00:00:00 2001
From: Nicolas Giard
Date: Tue, 10 Jun 2025 14:45:46 -0400
Subject: [PATCH 7/8] docs: Update SECURITY.md
---
 SECURITY.md | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/SECURITY.md b/SECURITY.md
index 0f6a1e66..b905767f 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -13,7 +13,8 @@ If you find such vulnerability, it's important to disclose it in a quick and sec
 
 ## Reporting a Vulnerability
 
-**DO NOT CREATE A GITHUB ISSUE / DISCUSSION** to report a potential vulnerability / security problem. Instead, choose one of these options:
+> [!CAUTION]
+> **DO NOT CREATE A GITHUB ISSUE / DISCUSSION** to report a potential vulnerability / security problem. Instead, use the process below:
 
 Submit a Vulnerability Report by filling in the form on https://github.com/requarks/wiki/security/advisories/new
 
@@ -25,3 +26,6 @@ Include as much details as possible, such as:
 - Your GitHub username if you'd like to be included as a collaborator on the private fix branch
 
 The vulnerability will be investigated ASAP. If deemed valid, a draft security advisory will be created on GitHub and you will be included as a collaborator. A fix will be worked on in a private branch to resolves the issue. Once a fix is available, the advisory will be published.
+
+> [!NOTE]
+> There's no reward for submitting a report. As this is open source project and not corporate owned, we are not able to provide monetary rewards. You will however be credited as the bug reporter in the release notes.
From 07855ab329fc08b2e0428a0d8ceae72327d4439d Mon Sep 17 00:00:00 2001
From: Nicolas Giard
Date: Mon, 28 Jul 2025 13:11:47 -0400
Subject: [PATCH 8/8] docs: Update README.md
---
 README.md | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/README.md b/README.md
index 5a25b9c2..07c7b5ef 100644
--- a/README.md
+++ b/README.md
@@ -144,13 +144,13 @@ Support this project by becoming a sponsor. Your name will show up in the Contri - - + + Shane Kearney
(@shanekearney)
- - - + + +