memos/plugin
Claude d88a116fbc
fix: security hardening on synced upstream codebase
Applied security fixes to the latest upstream (usememos/memos):

- Remove hardcoded JWT secret ("usememos") in demo mode; always use instance secret key
- Enforce DisallowPasswordAuth for all roles including admins (was only blocking regular users)
- Add minimum password length validation (8 chars) on CreateUser and UpdateUser password change
- Restrict CORS to same-origin in production (was allowing all origins on both gateway and connect)
- Add HTTP client timeout (10s) to OAuth2 identity provider
- Remove PII logging of OAuth2 user info claims

https://claude.ai/code/session_018iYDVMmBxJLWBvqugc6tNe
2026-03-15 16:51:53 +00:00
cron        fix: correct typos in comments, error messages, and identifiers (#5704)  2026-03-08 18:40:17 +08:00
email       refactor(db): rename tables for clarity - resource→attachment, system_setting→instance_setting  2026-01-06 23:36:42 +08:00
filter      fix: add Unicode case-insensitive search for SQLite (#5559)  2026-02-02 21:10:07 +08:00
httpgetter  refactor: attachment service part2  2025-06-18 00:09:19 +08:00
idp         fix: security hardening on synced upstream codebase  2026-03-15 16:51:53 +00:00
markdown    enhance: improve link memo dialog with rich previews (#5697)  2026-03-07 17:54:13 +08:00
scheduler   chore: simplify attachment file writing  2025-12-31 21:54:37 +08:00
storage/s3  fix: correct typos in comments, error messages, and identifiers (#5704)  2026-03-08 18:40:17 +08:00
webhook     feat: add --allow-private-webhooks flag to bypass SSRF protection (#5694)  2026-03-07 13:46:03 +08:00