Commit Graph

  • dde94b06ed Delete server-side session on logout main Rosa Gutierrez 2026-01-15 20:04:01 +01:00
  • 1852adb06c Fix 1Password account ID (was user UUID) (#156) Jeremy Daer 2025-12-31 13:59:12 -08:00
  • e983e3f79f Block IPv6 SSRF bypass via ipv4_compat addresses (#153) Jeremy Daer 2025-12-31 13:01:43 -08:00
  • 53e36a16ea Latest Brakeman Jeremy Daer 2025-12-31 12:55:55 -08:00
  • a05292f548 Switch 1Password account to 37signals.1password.com (#154) Jeremy Daer 2025-12-31 11:54:27 -08:00
  • 71ffeeea78 Merge pull request #147 from basecamp/fix-sgid-decoding v1.4.3 Stanko Krtalić 2025-12-15 17:05:01 +01:00
  • 77bcad65b5 Try to decode SGIDs in multiple ways Stanko K.R. 2025-12-15 16:54:12 +01:00
  • 238f73c26f Merge pull request #146 from basecamp/flavorjones/fix-account-creation-race Mike Dalessio 2025-12-12 11:14:52 -05:00
  • 1feb2d94b9 Address race condition during "first run" account creation Mike Dalessio 2025-12-12 09:29:17 -05:00
  • 49c0ce496c Merge pull request #144 from basecamp/user-self Jason Zimdars 2025-12-08 23:03:07 -06:00
  • 88f3f942f7 Ensure edit (not trash) is displayed Jason Zimdars 2025-12-08 22:57:38 -06:00
  • 6f256f5f2d Show admin toggle, but disable for current user Jason Zimdars 2025-12-08 22:53:11 -06:00
  • 089a8b35c0 Merge pull request #140 from ashwin47/admin-ordering Jason Zimdars 2025-12-08 22:33:49 -06:00
  • b52c318518 Group administrators separately from members with visual divider Ashwin M 2025-12-08 03:34:26 +05:30
  • de5493d8a9 Merge pull request #124 from ashwin47/ban_typo Stanko Krtalić 2025-12-06 11:42:50 +01:00
  • 74346342df Rewrite label Ashwin M 2025-12-06 16:09:13 +05:30
  • e4a49d52b2 Merge pull request #125 from mphalliday/involvement-fix Stanko Krtalić 2025-12-04 21:43:31 +01:00
  • b8919161a8 Allow non-admins to update their room involvements Michael Halliday 2025-12-03 09:56:15 -05:00
  • 80585a9585 Fix button label to 'UnBan' for clarity Ashwin M 2025-12-03 17:50:16 +05:30
  • b3d97ecb0e Add safety checks to release script Stanko K.R. 2025-12-03 08:24:04 +01:00
  • 94692026d3 Merge pull request #122 from basecamp/unfurl-blind-ssrf v1.4.2 Stanko Krtalić 2025-12-03 08:12:24 +01:00
  • 0672673916 Disallow SSRF via IPv6 addresses mapped to IPv4 addresses Stanko K.R. 2025-12-03 08:08:34 +01:00
  • 5667262d1c Security: disallow blind SSRF to link-local IPs via URL unfurling Jeremy Daer 2025-12-02 21:33:44 -08:00
  • 1babf3f9ed Merge pull request #121 from basecamp/fix-crash-on-mentions-when-upgrading-from-rails-7-to-8 v1.4.1 Stanko Krtalić 2025-12-02 11:37:51 +01:00
  • 4d04f9beee Use urlsafe base64 decode Stanko K.R. 2025-12-02 11:34:12 +01:00
  • bebe518c74 Parse Rails 7 GIDs Stanko K.R. 2025-12-02 11:06:23 +01:00
  • 13897eac59 Set title on new releases to be the version number v1.4.0 Stanko K.R. 2025-12-02 08:36:15 +01:00
  • 6bb0ee2436 Merge pull request #120 from basecamp/allow-restricting-new-room-creation-to-admins Stanko Krtalić 2025-12-02 08:27:29 +01:00
  • 550d4c75bd Invert the icon color in dark mode Stanko K.R. 2025-12-02 08:22:32 +01:00
  • 7b7b3f8a67 Rework toggle as switch Jason Zimdars 2025-12-01 23:13:54 -06:00
  • aec8747710 Fix failing system tests Stanko K.R. 2025-12-01 16:34:51 +01:00
  • 71b5edae01 Run migrations Stanko K.R. 2025-12-01 15:31:53 +01:00
  • b1325ccee7 Bump Redis Stanko K.R. 2025-12-01 15:31:07 +01:00
  • 5266ffc049 Always just go through the settings object David Heinemeier Hansson 2025-11-30 21:07:46 +01:00
  • bd3b0c5988 Not needed David Heinemeier Hansson 2025-11-30 21:07:34 +01:00
  • e8626f9d5d Use rails edge that now includes the feature David Heinemeier Hansson 2025-11-30 21:07:26 +01:00
  • 796195c2cc Give up on the auto delegation to get a cleaner API David Heinemeier Hansson 2025-11-29 11:09:23 -08:00
  • 559629537b We don't need to specify the default any more David Heinemeier Hansson 2025-11-29 10:52:01 -08:00
  • 42c411b660 Use upstream version of has_json David Heinemeier Hansson 2025-11-29 10:38:25 -08:00
  • 6c59b8c82b Use public_send instead of send David Heinemeier Hansson 2025-11-29 09:04:08 -08:00
  • 20ba1cf2ae Ensure mutable string is used to prevent warning David Heinemeier Hansson 2025-11-29 08:58:48 -08:00
  • d323c3cfc0 Now required to be explicitly included David Heinemeier Hansson 2025-11-29 08:55:51 -08:00
  • 53671b48e0 Update to latest Rails 8.2.0 alpha David Heinemeier Hansson 2025-11-29 08:52:29 -08:00
  • 66b4e41281 Rename David Heinemeier Hansson 2025-11-28 16:38:39 -08:00
  • 6476bab4cc Use consistent yield naming David Heinemeier Hansson 2025-11-28 16:36:24 -08:00
  • f7c3aaa2a9 Allow for default values David Heinemeier Hansson 2025-11-28 16:35:25 -08:00
  • 593f8dd04c No need for self David Heinemeier Hansson 2025-11-28 15:49:10 -08:00
  • d3b6507ce2 Layer on top a more pleasant API for the default case David Heinemeier Hansson 2025-11-28 15:48:46 -08:00
  • 32be03a240 Rely on method missing David Heinemeier Hansson 2025-11-28 05:53:40 -08:00
  • 8e94a4aa1e Better wording David Heinemeier Hansson 2025-11-28 12:43:34 +01:00
  • 15db4033bc Enforce restriction to create new rooms David Heinemeier Hansson 2025-11-27 17:32:14 +01:00
  • f56e33e323 Fix fetching missing values David Heinemeier Hansson 2025-11-27 17:32:00 +01:00
  • bea2c89c2b Add new has_json to add Account#settings to restrict room creation to only administrators David Heinemeier Hansson 2025-11-27 17:15:26 +01:00
  • b7c7d99dcd Merge pull request #119 from basecamp/upgrade-to-rails-8.2.alpha Stanko Krtalić 2025-12-01 13:59:28 +01:00
  • 6197f20a31 Upgrade to Rails 8.2.0.alpha Stanko K.R. 2025-12-01 13:50:53 +01:00
  • 02023b0f0c Merge pull request #118 from basecamp/modernize-scripts Stanko Krtalić 2025-12-01 12:22:04 +01:00
  • af81a4c1ac Create release first Stanko K.R. 2025-12-01 12:21:08 +01:00
  • d4a132865a Merge pull request #117 from basecamp/modernize-scripts Stanko Krtalić 2025-12-01 12:01:13 +01:00
  • f423bb9b07 Remove structure.sql v1.3.0 Stanko K.R. 2025-12-01 11:48:53 +01:00
  • 3367ffaf8f Switch to using schema.rb Stanko K.R. 2025-12-01 11:47:51 +01:00
  • 7593a27a6b Use bash for the setup script Stanko K.R. 2025-12-01 11:21:18 +01:00
  • 133859b8fb Create a Github release Stanko K.R. 2025-12-01 11:20:31 +01:00
  • 13690f754d Merge pull request #116 from basecamp/port-release-script Stanko Krtalić 2025-12-01 10:51:10 +01:00
  • ead80316e0 Port over release script Stanko K.R. 2025-12-01 10:40:24 +01:00
  • 59b322edc6 Merge pull request #111 from basecamp/ip-ban Stanko Krtalić 2025-11-27 15:26:34 +01:00
  • c8ac878353 Polish banned states and confirm Jason Zimdars 2025-11-26 13:08:35 -06:00
  • 30fe6ab121 Add IP-based user banning Kevin McConnell 2025-11-26 09:43:11 +00:00
  • 612ca32d2c Merge pull request #112 from basecamp/update-brakeman Kevin McConnell 2025-11-26 14:30:26 +00:00
  • 5f58a183cd Bump Brakeman to latest Kevin McConnell 2025-11-26 14:26:32 +00:00
  • f85ec7f99e Merge pull request #102 from p-schlickmann/unused-git-source Stanko Krtalić 2025-11-04 15:56:56 +01:00
  • c6ea9fda4c Removing unused git source from Gemfile Pedro Schlickmann Mendes 2025-10-30 19:11:47 -03:00
  • 89f45cee76 Merge pull request #90 from milos-dukic/logout-localhost-fix Stanko Krtalić 2025-10-21 09:35:52 +02:00
  • be0ebdfd0f Merge pull request #97 from IbraheemTuffaha/main Stanko Krtalić 2025-10-21 08:38:17 +02:00
  • 892c581317 Add dir="auto" to messages for rtl lang support Ibraheem Tuffaha 2025-10-18 11:01:33 +03:00
  • 336c9ae140 [Logout localhost fix] - fixing an error for logout process on localhost. milos-dukic 2025-10-06 15:14:23 +02:00
  • 5c0526eaf7 Merge pull request #83 from kevinmcconnell/main Kevin McConnell 2025-09-25 10:53:24 +01:00
  • 329d3e361b Avoid extra slash in cable path Kevin McConnell 2025-09-25 10:16:20 +01:00
  • 1237a40650 Merge pull request #82 from kevinmcconnell/script-cable-path Kevin McConnell 2025-09-24 15:58:31 +01:00
  • 6f7f0973db Allow serving cable traffic under $SCRIPT_NAME Kevin McConnell 2025-09-24 14:37:13 +01:00
  • c13bd1a4d3 Merge pull request #55 from milos-dukic/event-logger-controller-fix Stanko Krtalić 2025-09-19 14:12:01 +02:00
  • 5bb257b2d7 [Event Logger Controller fix] - removing the file event_log_controller.js since it is not being used. milos-dukic 2025-09-19 14:07:53 +02:00
  • f747202ddd Merge pull request #68 from NateEag/patch-1 Stanko Krtalić 2025-09-18 17:47:33 +02:00
  • 5efaf0813c Fix grammar error in README.md Nate Eagleson 2025-09-18 10:53:41 -04:00
  • a80c6d7e91 Add Worth Noting section Stanko K.R. 2025-09-18 15:28:43 +02:00
  • 7b6ce97afd Add contributing guide Stanko K.R. 2025-09-18 14:51:42 +02:00
  • 3c776850b5 Merge pull request #53 from raulpopadineti/speed-improvements-1 Stanko Krtalić 2025-09-18 09:41:58 +02:00
  • 03d1c45d97 Refactor message loading in RoomsController to use combined scopes Raul Popadineti 2025-09-17 13:39:30 +03:00
  • baa2bfc713 [Event Logger Controller fix] - renaming the file to event_log_controller.js milos-dukic 2025-09-16 15:02:47 +02:00
  • 3dc8590048 Merge pull request #54 from atish23/fix/setup-file-missing-mise-install Stanko Krtalić 2025-09-16 14:04:33 +02:00
  • e89a834cde Speed up room's initial load by reducing N+1 queries Raul Popadineti 2025-09-16 13:41:07 +03:00
  • 2d8884bbe6 Refactor setup script to ensure 'mise' is installed after dependency checks atish23 2025-09-16 16:40:15 +05:30
  • 26fd45c1d1 Merge pull request #18 from dmkondr/main Stanko Krtalić 2025-09-16 11:41:16 +02:00
  • 2d1c6e3c96 Merge pull request #49 from milos-dukic/service-worker-error-fix Stanko Krtalić 2025-09-15 16:51:34 +02:00
  • 10569b57a3 Update app/javascript/controllers/notifications_controller.js Milos Dukic 2025-09-15 16:24:27 +02:00
  • 3b31a83ac5 [ServiceWorler fix] - Failed to get a ServiceWorkerRegistration error. milos-dukic 2025-09-15 15:21:04 +02:00
  • ec4b74e4e1 Merge pull request #25 from keshav-k3/feature-japanese-translations Stanko Krtalić 2025-09-15 15:15:36 +02:00
  • 06043e192d Install system dependencies (#48) Stanko Krtalić 2025-09-15 15:00:09 +02:00
  • 1b4e28b751 Merge pull request #38 from formigarafa/patch-1 Stanko Krtalić 2025-09-15 12:32:59 +02:00
  • 62131982b3 Fix let's encrypt autosetup Rafael Santos 2025-09-14 23:33:06 +12:00
  • 3d0a10dbdd Security: Fix user impersonation via custom bot token Jacopo 2025-09-11 12:24:39 +02:00