Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SECURITY: Limit the character count of group membership requests #19993

Merged
merged 1 commit into from Jan 25, 2023

Conversation

nattsw
Copy link
Contributor

@nattsw nattsw commented Jan 25, 2023

No description provided.

When creating a group membership request, there is no character
limit on the 'reason' field. This can be potentially be used by
an attacker to create enormous amount of data in the database.
@nattsw nattsw force-pushed the security/group-membership-request-reason-limit branch from 757eecc to d1d8c31 Compare January 25, 2023 07:24
@nbianca nbianca merged commit d5745d3 into main Jan 25, 2023
13 of 14 checks passed
@nbianca nbianca deleted the security/group-membership-request-reason-limit branch January 25, 2023 11:50
Flink added a commit that referenced this pull request May 16, 2023
Users submitting requests to join groups were not receiving errors when
the character limit for the request was exceeded. This also affects the
UX when admin-created group request templates are inserted into the
request.

This patch bumps the limits.

- https://meta.discourse.org/t/group-membership-requests-suddenly-limited-to-274-characters/265127
- #19993
Flink added a commit that referenced this pull request May 16, 2023
Users submitting requests to join groups were not receiving errors when
the character limit for the request was exceeded. This also affects the
UX when admin-created group request templates are inserted into the
request.

This patch bumps the limits.

- https://meta.discourse.org/t/group-membership-requests-suddenly-limited-to-274-characters/265127
- #19993
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
3 participants