Commit graph

6655 commits

Author SHA1 Message Date
snipe cf4e13f4df
Merge pull request #10312 from andrewshulgin/patch-1
Fixed: #10311: Docker: ldap_client_tls.{key,cert} are located in /var/www/html/storage instead of /var/lib/snipeit/keys
2021-11-15 14:28:59 -08:00
snipe 8e7565cbe9
Merge pull request #10313 from snipe/snyk-fix-d1fb08ebb2899913c99652bb6e188696
[Snyk] Security upgrade bootstrap-table from 1.18.3 to 1.19.1
2021-11-15 14:28:37 -08:00
snyk-bot 4839b0e008
fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-BOOTSTRAPTABLE-1657597
2021-11-13 05:19:33 +00:00
Andrew Shulgin d3ddafdff4
Dockerfile: symlink for ldap_client_tls.{cert,key} 2021-11-13 03:00:09 +02:00
Ivan Nieto Vivanco b07db3b324 Added the current_value string to correspondig 'en' language directory 2021-11-11 14:43:47 -06:00
snipe 9ed1442bd1
Merge pull request #10286 from uberbrady/fix_bulk_audit_xss
Escape asset_tag attribute at controller level for bulk checkout
2021-11-08 20:32:02 -08:00
Brady Wetherington 3ea209a507 Escape asset_tag attribute at controller level for consumption in bulk checkout 2021-11-08 20:27:43 -08:00
snipe edf98cb795
Merge pull request #10279 from snipe/fixes/turn_get_into_post_for_custom_field_required
Turn custom fields required/optional/remove into POST requests
2021-11-08 14:37:36 -08:00
snipe 16d18bc7eb
Merge pull request #10283 from snipe/fixes/remove_get_logout_route 2021-11-08 12:55:19 -08:00
snipe 38c36af6fc Changes logout to POST
Signed-off-by: snipe <snipe@snipe.net>
2021-11-08 12:53:11 -08:00
snipe b5855e7be5 Removed get route for logout
Signed-off-by: snipe <snipe@snipe.net>
2021-11-08 12:35:15 -08:00
snipe 0d811d067c Turn cusotm fields required/optional/remove into POST requests
Signed-off-by: snipe <snipe@snipe.net>
2021-11-05 10:53:48 -07:00
snipe fba0e2b712 Revert tableexport
(It broke the npm run prod build)

Signed-off-by: snipe <snipe@snipe.net>
2021-11-03 16:17:19 -07:00
snipe 608c2f91a8 Updated package lock
Signed-off-by: snipe <snipe@snipe.net>
2021-11-03 16:04:48 -07:00
snipe 960028b376 Bumped version
Signed-off-by: snipe <snipe@snipe.net>
2021-11-03 16:04:39 -07:00
snipe 6690a0f1df
Merge pull request #10257 from Wouter0100/patch-1
fix(Docker): use correct python binary for exit listener
2021-11-02 14:53:35 -07:00
Wouter van Os 2c49c32e72 Fixed #10231: use correct python binary for exit listener
This fixes #10231, without creating an own Dockerfile.
2021-11-02 13:06:36 +01:00
snipe 76cc46c419
Merge pull request #9814 from 01ste02/importMinAmt
Improved Consumable Import: Import min_amt for consumables
2021-10-28 17:49:44 -07:00
snipe dc71f6ddc6
Merge pull request #9871 from jethron/patch-1
Fixed: double slashes in branding logo URL path
2021-10-28 17:36:43 -07:00
snipe 7470fdb605
Merge pull request #9912 from snipe/snyk-upgrade-1377cc2d38a76585c814757398543f5f
[Snyk] Upgrade tableexport.jquery.plugin from 1.10.21 to 1.10.26
2021-10-28 17:15:10 -07:00
snipe 930e220cf1
Merge pull request #9915 from snipe/snyk-upgrade-b2b26cf8ec7a697fe0094f699652a345
[Snyk] Upgrade bootstrap-table from 1.18.2 to 1.18.3
2021-10-28 17:12:47 -07:00
snipe 2f9e5f79af
Merge pull request #10139 from FliegenKLATSCH/patch-1
API: Do not include deleted items per default on lookup by serial
2021-10-28 17:09:20 -07:00
snipe 927fba179d
Merge pull request #10241 from snipe/snyk-fix-a23047e623395f58c0f4d50feb55a3a3
[Snyk] Security upgrade jquery-ui from 1.12.1 to 1.13.0
2021-10-28 16:35:32 -07:00
snyk-bot dfde50732b
fix: package.json & package-lock.json to reduce vulnerabilities
The following vulnerabilities are fixed with an upgrade:
- https://snyk.io/vuln/SNYK-JS-JQUERYUI-1767167
- https://snyk.io/vuln/SNYK-JS-JQUERYUI-1767175
- https://snyk.io/vuln/SNYK-JS-JQUERYUI-1767767
2021-10-28 07:28:38 +00:00
snipe 7455318fcf
Merge pull request #10225 from snipe/fixes/default_label_in_status_label_api
Set default_label to 0 instead of null in API
2021-10-25 20:18:37 -07:00
snipe 17bf899a17 Set default_label to 0 instead of null in API
Signed-off-by: snipe <snipe@snipe.net>
2021-10-25 20:14:01 -07:00
snipe a5230319b8
Merge pull request #10223 from snipe/fixes/fixed_missing_clone_button
Fixed #10222 - fixed permissions array to handle missing clone button
2021-10-25 15:39:28 -07:00
snipe 8b1c60a17a Make gates a little more consistent
Signed-off-by: snipe <snipe@snipe.net>
2021-10-25 15:34:22 -07:00
snipe 033c3253bb Fixed permissions array to handle missing clone button
Signed-off-by: snipe <snipe@snipe.net>
2021-10-25 14:10:17 -07:00
snipe a88f622ec3 Bumped version
Signed-off-by: snipe <snipe@snipe.net>
2021-10-18 16:45:51 -07:00
snipe f87ffb84d5
Merge pull request #10201 from snipe/fixes/xss_on_export
Fixes possible XSS on all-file-types export
2021-10-15 09:54:52 -07:00
snipe bda23bb1e6 Fixes possible XSS on all-file-types export
Signed-off-by: snipe <snipe@snipe.net>
2021-10-15 11:50:52 -05:00
FliegenKLATSCH 24c484303e Do not include deleted assets by default when doing lookup by serial
This commit introduces a new query parameter `deleted`, which can be set to `true` to include deleted assets in the response.
2021-10-09 08:56:31 +02:00
snipe 5d94b99035 Switched to 5 in one minute
Signed-off-by: snipe <snipe@snipe.net>
2021-10-08 15:53:32 -07:00
snipe c4856c8aed
Merge pull request #10180 from snipe/fixes/add_rate_limiting_to_forgotten_password
Throttle password reset requests to 5 every 60 seconds
2021-10-08 15:44:43 -07:00
snipe 0674ef5a3d Fixed number to 1 (for minutes)
Signed-off-by: snipe <snipe@snipe.net>
2021-10-08 15:43:32 -07:00
snipe 702791210e Throttle password reset requests to 5 every 60 seconds
Signed-off-by: snipe <snipe@snipe.net>
2021-10-08 14:26:30 -07:00
snipe 1c77fd0d09
Merge pull request #10178 from inietov/bug/sc-17520/symfony_component_debug_exception_fatalthrowableerror
Fixed typo when setting the headers
2021-10-08 12:04:45 -07:00
Ivan Nieto Vivanco d184da8611 Fixed typo (thanks @ssddanbrown) 2021-10-08 13:39:49 -05:00
snipe ac76364140
Merge pull request #10172 from snipe/fixes/S3_upload_preview
Fixed models preview - Use Storage:: facade
2021-10-06 13:14:02 -07:00
snipe 7848a3c3dc Use Storage:: facade for image preview for models
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 13:12:42 -07:00
snipe f41ec640fe Added Huntr.dev badge
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:49:30 -07:00
snipe fc5efd857f
Merge pull request #10171 from snipe/fixes/xss_svg_in_file_uploads
Fixed SVG XSS vuln
2021-10-06 12:38:51 -07:00
snipe ccd430ce07 Switched back down to debug level
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:38:21 -07:00
snipe f306401e7e Fixed SVG XSS vuln
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 12:26:45 -07:00
snipe c06a93ef13 Removed extra brace in assets for components
Signed-off-by: snipe <snipe@snipe.net>
2021-10-06 10:38:13 -07:00
snipe 17d4e25e60
Merge pull request #10167 from inietov/bug/sc-17520/symfony_component_debug_exception_fatalthrowableerror
Set headers in a different manner in the middleware [sc-17520]
2021-10-05 14:06:39 -07:00
Ivan Nieto Vivanco ef6eea67d8 Set headers in a different manner in the middleware 2021-10-05 14:09:35 -05:00
snipe 84c73aae5d
Merge pull request #10165 from snipe/fixes/set_restore_actions_to_POST_requests
Set restore actions to POST requests instead of GET
2021-10-04 20:40:33 -07:00
snipe dc3af7cc74 Resolved conflicts
Signed-off-by: snipe <snipe@snipe.net>
2021-10-04 20:39:24 -07:00