Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

6.3.0 #208

Merged
merged 20 commits into from Jun 22, 2020
Merged

6.3.0 #208

merged 20 commits into from Jun 22, 2020

Conversation

gulien
Copy link
Collaborator

@gulien gulien commented Jun 5, 2020
edited

This version fixes several critical vulnerabilities. We strongly advise everyone to update their Gotenberg instances with this new version.

On a side note, those several critical vulnerabilities are not a problem if your Gotenberg instances are called from trusted sources.

New feature

Google Chrome ignore certificate errors

When performing a URL conversion, Google Chrome will not accept certificate errors .

You may allow insecure connections by setting GOOGLE_CHROME_IGNORE_CERTIFICATE_ERRORS environment variable to "1".

You should be careful with this feature and only enable it in your development environment.

Fixes #189.

Thanks @tomjvdberg.

Fixes

WillyReyno and others added 11 commits June 1, 2020 11:15
@WillyReyno
Added warning for URLRequest and service named app
c590b02 
A docker-compose service named "app" will systematically return a blank PDF when using `URLRequest()`.
Added a warning to recommend people to rename their service if it's named "app".
@tomjvdberg
Add feature to have chrome ignore certificate errors when printing us…
24cbe98 
…ing an URL.
@tomjvdberg
Add ignoreCertificateErrors tests + docs
1e6926e
@gulien
tini no more writeable by gotenberg user
dbdf887
@gulien
updating dependencies
f860913
@gulien
sanitizing filename parameter of toHTML function
b254568
@gulien
adding missing comment from previous commit
5540438
@gulien
fixing dependencies with master
25f18ac
@gulien
avoir directory traversal when uploading a file
542fe18
@gulien
using a (more) random directory name for user profile tmp dir + impro…
8a218a6 
…ving performance with a go routine
@gulien
got fmt
a7cef5a
@codecov
Copy link

codecov bot commented Jun 5, 2020
edited

Codecov Report

Merging #208 into master will increase coverage by 0.12%.
The diff coverage is 93.33%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master     #208      +/-   ##
==========================================
+ Coverage   85.36%   85.49%   +0.12%     
==========================================
  Files          27       27              
  Lines        1790     1806      +16     
==========================================
+ Hits         1528     1544      +16     
  Misses        177      177              
  Partials       85       85
Impacted Files Coverage Δ
internal/app/xhttp/pkg/context/context.go 85.41% <66.66%> (+0.15%) ⬆️
internal/pkg/printer/office.go 94.93% <75.00%> (+0.27%) ⬆️
internal/app/xhttp/handler.go 82.17% <100.00%> (ø)
internal/app/xhttp/pkg/resource/file.go 51.02% <100.00%> (ø)
internal/pkg/conf/conf.go 100.00% <100.00%> (ø)
internal/pkg/printer/chrome.go 64.34% <100.00%> (ø)
internal/pkg/printer/markdown.go 75.00% <100.00%> (+0.64%) ⬆️
internal/pkg/xexec/xexec.go 76.19% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d28221a...5467620. Read the comment docs.

@gulien gulien changed the title WIP: 6.3.0 6.3.0 Jun 22, 2020
@gulien gulien merged commit daf028a into master Jun 22, 2020
2 checks passed
@gulien gulien deleted the 6.3.0-dev branch June 22, 2020 08:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Critical vulnerability [Feature request] Allow insecure connection, disable TLS veritification
3 participants
@gulien @WillyReyno @tomjvdberg