happyz
/
memos
mirror of https://github.com/usememos/memos.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
memos/server
History
Claude d88a116fbc
fix: security hardening on synced upstream codebase 
Applied security fixes to the latest upstream (usememos/memos):

- Remove hardcoded JWT secret ("usememos") in demo mode; always use instance secret key
- Enforce DisallowPasswordAuth for all roles including admins (was only blocking regular users)
- Add minimum password length validation (8 chars) on CreateUser and UpdateUser password change
- Restrict CORS to same-origin in production (was allowing all origins on both gateway and connect)
- Add HTTP client timeout (10s) to OAuth2 identity provider
- Remove PII logging of OAuth2 user info claims

https://claude.ai/code/session_018iYDVMmBxJLWBvqugc6tNe
 		2026-03-15 16:51:53 +00:00
..
auth refactor: consolidate duplicated auth logic into auth package 2026-02-24 23:08:16 +08:00
router fix: security hardening on synced upstream codebase 2026-03-15 16:51:53 +00:00
runner refactor: rename workspace to instance throughout codebase 2025-11-05 23:35:35 +08:00
server.go fix: security hardening on synced upstream codebase 2026-03-15 16:51:53 +00:00