github/TREK
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
416 Commits 1 Branch 0 Tags
4b8cfc78b8a49017db210e9df2f803e4dbc39480
Commit Graph

4 Commits

Author SHA1 Message Date
Claude
483190e7c1 fix: XSS in GitHubPanel markdown renderer and RouteCalculator profile bug 
Escape HTML entities before dangerouslySetInnerHTML in release notes
renderer to prevent stored XSS via malicious GitHub release bodies.
Fix RouteCalculator ignoring the profile parameter (was hardcoded to
'driving').

https://claude.ai/code/session_01SoQKcF5Rz9Y8Nzo4PzkxY8
 2026-03-31 00:34:09 +00:00
Claude
c89ff8b551 fix: critical Immich SSRF and API key exposure vulnerabilities 
- Add URL validation on Immich URL save to prevent SSRF attacks
  (blocks private IPs, metadata endpoints, non-HTTP protocols)
- Remove userId query parameter from asset proxy endpoints to prevent
  any authenticated user from accessing another user's Immich API key
  and photo library
- Add asset ID validation (alphanumeric only) to prevent path traversal
  in proxied Immich API URLs
- Update AUDIT_FINDINGS.md with Immich and admin route findings

https://claude.ai/code/session_01SoQKcF5Rz9Y8Nzo4PzkxY8
 2026-03-31 00:34:06 +00:00
Claude
63232e56a3 fix: prevent OIDC token data leaking to logs, update audit findings 
- Redact OIDC token exchange error logs to only include HTTP status
- Add additional findings from exhaustive server security scan to
  AUDIT_FINDINGS.md

https://claude.ai/code/session_01SoQKcF5Rz9Y8Nzo4PzkxY8
 2026-03-31 00:34:04 +00:00
Claude
5f07bdaaf1 docs: add comprehensive security and code quality audit findings 
AUDIT_FINDINGS.md documents all findings across security, code quality,
best practices, dependency hygiene, documentation, and testing categories.

https://claude.ai/code/session_01SoQKcF5Rz9Y8Nzo4PzkxY8
 2026-03-31 00:33:50 +00:00