Updated front page and welcome message with useful links #1125
Merged
I've reviewed this request and it looks fine to me.
I'm willing to merge this as soon as the ReadTheDocs site is up.
The site is up. But your comment made me realize that just earlier I moved things around, changing from Markdown to the more versatile reStructuredText mode, so URLs changed too. I guess that's what you meant. It should be fine now.
strugee added a commit that referenced this pull request Oct 26, 2015
Updated front page and welcome message with useful links
strugee added a commit that referenced this pull request Aug 27, 2016
This release adds many security features. It's recommended that admins upgrade as soon as possible.

Please note that while we're not doing so _yet_, we're planning to deprecate running under Node.js 0.10 and 0.12 very soon. Additionally, upgrading to Node.js 4.x early will enable the new, better XSS scrubber - _however_, be aware that pump.io is far less tested under Node.js 4.x and you are likely to run into more bugs than you would under 0.10 or 0.12. See #1184 for details.

* [API] Send the `Content-Length` header in Dialback requests
* Add support for [LibreJS][librejs] (#1058)
* Node.js 4.x is officially supported (#1184)
* Browser MIME type sniffing is disabled via `X-Content-Type-Options: nosniff` ([#1184][security-headers])
* Protect some versions of Internet Explorer from a confused deputy attack via `X-Download-Options: noopen` ([#1184][security-headers])
* Make sure Internet Explorer's built-in XSS protection is as secure as possible with `X-XSS-Protection: 1; mode=block` ([#1184][security-headers])
* Versions of Internet Explorer the XSS scrubber can't protect are presented with a security error instead of any content (#1184)
* Clickjacking is prevented via `X-Frame-Options: DENY` header (in addition to Content Security Policy) ([#1184][security-headers])
* A `Content-Security-Policy` header is sent with every response (#1184)
  * Scripts are forbidden from everywhere except the application domain and (if CDNs are enabled) `cdnjs.cloudflare.com` and `ajax.googleapis.com`
  * Styles are forbidden from everywhere except the application domain and inline styles
  * `<object>`, `<embed>`, and `<applet>`, as well as all plugins, are forbidden
  * Embedding the web UI via `<frame>`, `<iframe>`, `<object>`, `<embed>`, and `<applet>` is forbidden
  * Connecting to anything other than the application domain via `XMLHttpRequest`, WebSockets or `EventSource` is forbidden
  * Loading Web Workers or nested browsing contexts (i.e. `<frame>`, `<iframe>`) is forbidden except from the application domain
  * Fonts are forbidden from everywhere except the application domain
  * Form submission is limited to the application domain
* [API] Don't return `displayName` properties if they're empty (#1149)
* Upgraded from Connect 1.x to Connect 2.x
* Upgraded various minor dependencies
* All files pass style checking and most pass JSHint
* Add links to the user guide on the homepage and welcome message (#1125)
* Add a new XSS scrubber implementation (#1184)
  * DOMPurify-based scrubber is used on Node.js 4.x or better
  * Otherwise, a more intrusive, less precise one is used
* Fix a crash upon access of an activity without any replies (#1135)
* Disable registration link if registration is disabled (#853)
* `package.json` now uses a valid SPDX license identifier (#1112)
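
As an added example (not pump.io code and not part of the commit message above), the following header audit checks a response against the hardening these release notes list. The CSP directive names, the `auditHeaders` and `parseCsp` helpers and the sample headers are assumptions made for illustration; the notes describe the policy in prose and do not quote the header itself.

```javascript
// Added example, not pump.io code. Directive names are an assumed mapping of the
// release notes' prose onto CSP; the notes do not quote the header itself.
const FIXED = {
  'x-content-type-options': 'nosniff', 'x-download-options': 'noopen',
  'x-xss-protection': '1; mode=block', 'x-frame-options': 'deny',
};
const CDNS = ['cdnjs.cloudflare.com', 'ajax.googleapis.com'];
const SELF = ["'self'"], NONE = ["'none'"];
const expected = (cdns) => ({
  'script-src': [...SELF, ...(cdns ? CDNS : [])],
  'style-src': [...SELF, "'unsafe-inline'"],
  'object-src': NONE, 'frame-ancestors': NONE,
  'connect-src': SELF, 'child-src': SELF, 'font-src': SELF, 'form-action': SELF,
});
// These two never inherit from default-src, so they must be set explicitly.
const NO_FALLBACK = new Set(['frame-ancestors', 'form-action']);
function parseCsp(value) {
  const policy = new Map();
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    // Browsers ignore a repeated directive: the first occurrence wins.
    if (name && !policy.has(name)) policy.set(name, sources);
  }
  return policy;
}

function auditHeaders(headers, cdnsEnabled = false) {
  const h = {}, findings = [];
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  for (const [name, want] of Object.entries(FIXED)) {
    if ((h[name] || '').toLowerCase() !== want) findings.push(`${name}: expected ${want}`);
  }
  const csp = parseCsp(h['content-security-policy'] || '');
  for (const [dir, allowed] of Object.entries(expected(cdnsEnabled))) {
    const got = csp.get(dir) || (NO_FALLBACK.has(dir) ? undefined : csp.get('default-src'));
    if (!got) { findings.push(`csp ${dir}: not set`); continue; }
    const extra = got.filter((s) => !allowed.includes(s.replace(/^https?:\/\//, '')));
    if (extra.length) findings.push(`csp ${dir}: unexpected ${extra.join(' ')}`);
  }
  return findings;
}

// Constructed sample headers (not captured from a real server).
const SAMPLE = {
  'X-Content-Type-Options': 'nosniff', 'X-Download-Options': 'noopen',
  'X-XSS-Protection': '1; mode=block', 'X-Frame-Options': 'DENY',
  'Content-Security-Policy': "default-src 'self'; script-src 'self' https://cdn.example; " +
    "style-src 'self' 'unsafe-inline'; object-src 'none'; form-action 'self'",
};
console.log(auditHeaders(SAMPLE));
```

The sample yields two findings: a script host outside the allowed set, and a missing `frame-ancestors`, which `default-src` does not cover.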
This adds links to documentation in the front page and the private 'welcome' message users have in the inbox upon registration.