memos/server/router
Claude d88a116fbc
fix: security hardening on synced upstream codebase
Applied security fixes to the latest upstream (usememos/memos):

- Remove hardcoded JWT secret ("usememos") in demo mode; always use instance secret key
- Enforce DisallowPasswordAuth for all roles including admins (was only blocking regular users)
- Add minimum password length validation (8 chars) on CreateUser and UpdateUser password change
- Restrict CORS to same-origin in production (was allowing all origins on both gateway and connect)
- Add HTTP client timeout (10s) to OAuth2 identity provider
- Remove PII logging of OAuth2 user info claims

https://claude.ai/code/session_018iYDVMmBxJLWBvqugc6tNe
2026-03-15 16:51:53 +00:00
api/v1 fix: security hardening on synced upstream codebase 2026-03-15 16:51:53 +00:00
fileserver feat: add live refresh via Server-Sent Events (SSE) with visual indicator (#5638) 2026-03-03 22:56:12 +08:00
frontend chore: upgrade Echo v4 to v5.0.3 2026-02-10 09:15:27 +08:00
mcp feat(mcp): enhance MCP server with full capabilities and new tools (#5720) 2026-03-13 18:15:52 +08:00
rss chore: upgrade Echo v4 to v5.0.3 2026-02-10 09:15:27 +08:00