aiden
/
memos
mirror of https://github.com/usememos/memos
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
release-please--branches--main--components--memos
main
v0.0.1
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.11.0
v0.11.1
v0.11.2
v0.12.0
v0.12.1
v0.12.2
v0.13.0
v0.13.1
v0.13.2
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.15.0
v0.15.1
v0.15.2
v0.16.0
v0.16.1
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.2.0
v0.2.1
v0.2.2
v0.20.0
v0.20.1
v0.21.0
v0.22.0
v0.22.1
v0.22.2
v0.22.3
v0.22.4
v0.22.5
v0.23.0
v0.23.0-rc.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.24.0
v0.24.1
v0.24.2
v0.24.3
v0.24.4
v0.25.0
v0.25.1
v0.25.2
v0.25.3
v0.26.0
v0.26.1
v0.26.2
v0.27.0
v0.27.0-rc.1
v0.27.0-rc.2
v0.27.1
v0.28.0
v0.29.0
v0.29.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.0
v0.9.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9d3a74bccc'
${ noResults }
memos/server/router/api/v1/test
History
memoclaw 9d3a74bccc fix(api): make credentials write-only and restrict sensitive settings to admins 
Security fixes for credential leakage across three resources:

- NOTIFICATION setting: restrict GetInstanceSetting to admin-only
  (was publicly accessible, exposing SMTP credentials)
- SMTP password: never return SmtpPassword in API responses (write-only)
- S3 secret: never return AccessKeySecret in API responses (write-only)
- OAuth2 ClientSecret: never return in API responses for any role
  (was previously returned to admins); remove redactIdentityProviderResponse
  in favor of omitting the field at the conversion layer
- Preserve-on-empty: when updating settings with an empty credential
  field, preserve the existing stored value instead of overwriting
  (applies to SmtpPassword, AccessKeySecret, and ClientSecret)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 		3 months ago
..
attachment_service_test.go fix: prevent local attachment uploads from overwriting files 3 months ago
auth_test.go refactor: user auth improvements (#5360) 6 months ago
idp_service_test.go fix(api): make credentials write-only and restrict sensitive settings to admins 3 months ago
instance_admin_cache_test.go feat: update instance profile to use admin user instead of initialized flag 5 months ago
instance_service_test.go fix(api): make credentials write-only and restrict sensitive settings to admins 3 months ago
memo_attachment_service_test.go fix(security): implement security review recommendations (#5228) 7 months ago
memo_relation_service_test.go fix(security): implement security review recommendations (#5228) 7 months ago
memo_service_test.go fix(api): switch user resource names to usernames (#5779) 3 months ago
memo_share_service_test.go feat(memo): add share links for private memos (#5742) 3 months ago
reaction_service_test.go fix(api): switch user resource names to usernames (#5779) 3 months ago
shortcut_service_test.go fix(api): switch user resource names to usernames (#5779) 3 months ago
sse_handler_test.go refactor(sse): move status indicator to avatar badge 4 months ago
test_helper.go perf: batch load memo relations when listing memos (#5692) 3 months ago
user_email_visibility_test.go fix(api): restrict user email exposure to self and admins (#5784) 3 months ago
user_notification_test.go fix(api): switch user resource names to usernames (#5779) 3 months ago
user_resource_name_test.go fix(api): switch user resource names to usernames (#5779) 3 months ago
user_service_registration_test.go fix(api): switch user resource names to usernames (#5779) 3 months ago
user_service_stats_test.go fix(api): switch user resource names to usernames (#5779) 3 months ago