Skip to content

v2.7.1

Choose a tag to compare

View all tags
@github-actions github-actions released this 09 Jun 09:00
· 5 commits to main since this release
v2.7.1
88ac59f

Security

  • ChunkedUploadService: redirect-following is now disabled (allow_redirects => false) on the upload init, chunk, and finalize requests as well — previously only the status-poll GET was hardened. Guzzle re-sends custom headers across redirects (it strips only Authorization/Cookie), so a 30x from the backup origin could otherwise relay the X-Notifier-Token secret to an arbitrary (even cleartext-http) host. The token now never leaves the configured HTTPS origin on any request.
  • ChunkedUploadService: the server-supplied failure_reason is sanitized (control characters stripped, length capped at 500) before being interpolated into the thrown exception and logged, preventing log injection from a misbehaving server.
  • notifier:check: the NOTIFIER_BACKUP_CODE and NOTIFIER_BACKUP_PASSWORD secrets are now displayed as presence + length only (set (N chars)) instead of revealing their first and last three characters, so they cannot leak into terminal scrollback or CI logs.

Fixed

  • PostgresDumper: fixed an undefined $binary variable on the dump-failure log path (surfaced by static analysis).
  • NotifierDatabaseService: the "creating backup file" log entry now records the concrete dumper (MysqlDumper / PostgresDumper) instead of always reporting the LazyDatabaseDumper proxy.
  • CHANGELOG: removed a spurious Contracts\DatabaseDumper → DatabaseDumperInterface rename entry from the 2.7.0 notes (that interface is new, not a rename) and corrected the 2.7.0 release date.

Changed

  • MysqlDumper / PostgresDumper: command construction was extracted into a buildCommand() method. Behavior is unchanged — the password is still passed only via the MYSQL_PWD / PGPASSWORD env var and never on the command line — but the generated argv is now unit-testable.

Tests

  • Added direct unit coverage for MysqlDumper, PostgresDumper (argv, excluded-table qualification, and binary resolution including ysql_dump/pg_dump preference and config overrides) and LazyDatabaseDumper (single resolution + proxying).
  • Added driver-selection tests for NotifierServiceProvider::resolveDumper (mysql/mariadb/pgsql, default-connection fallback, and the unsupported-driver / missing-connection error branches).
  • Added ChunkedUploadService::waitForCompletion tests (completed / failed / non-terminal polling / timeout / repeated polling errors / failure-reason sanitization).
  • Hardened the notifier:check database-dump-tool and masked-value checks, and rewrote the stale NotifierDatabaseService test (which still asserted the removed, insecure --password= argv pattern) into real behavior tests.

What's Changed

  • ci(deps): bump codecov/codecov-action from 6 to 7 in the codecov group by @dependabot[bot] in #24
  • ci(deps): bump actions/dependency-review-action from 4 to 5 in the actions group by @dependabot[bot] in #23
  • feat: finalize 2.7.0 — explicit naming convention, status_url hardening, PostgreSQL dumps by @ludwigtomas in #25

Full Changelog: v2.6.4...v2.7.1

Contributors

dependabot and ludwigtomas
Assets 2
Loading