Commit Graph

  • 9ebc47a8f0 Bump json to 2.20.0 (CVE-2026-54696) main Rosa Gutierrez 2026-07-06 10:02:49 +02:00
  • 962c48af13 Update brakeman Rosa Gutierrez 2026-06-29 13:33:15 +02:00
  • 0920ceab6b Upgrade crass to 1.0.7 Rosa Gutierrez 2026-06-29 12:09:34 +02:00
  • 12bb943af8 Bump concurrent-ruby from 1.3.5 to 1.3.7 dependabot[bot] 2026-06-29 10:37:53 +00:00
  • e4f88b425a Bump nokogiri from 1.19.3 to 1.19.4 dependabot[bot] 2026-06-29 10:37:54 +00:00
  • bfa9f66633 Bump net-imap from 0.6.4 to 0.6.4.1 dependabot[bot] 2026-06-29 10:38:02 +00:00
  • 0141eae018 Address review: assert uploaded bytes in disk update test harden-active-storage-write-auth Jeremy Daer 2026-06-15 13:24:38 -07:00
  • c49c41a0d7 Address review: cover DiskController#update in tests Jeremy Daer 2026-06-15 13:18:40 -07:00
  • 49f06d0b22 Address review: keep disk PUT CSRF-exempt, use intent helpers Jeremy Daer 2026-06-15 13:10:59 -07:00
  • ed5a172871 Require authentication for ActiveStorage direct-upload write endpoints Jeremy Daer 2026-06-15 13:00:29 -07:00
  • 8d3c2bbd2b Merge pull request #211 from basecamp/clean-202606 Mike Dalessio 2026-06-09 12:47:49 -04:00
  • 03fa883f98 dep: update puma 6.6.1 → 7.2.1 (major) Mike Dalessio 2026-06-09 12:20:14 -04:00
  • 8e0aa7d636 dep: update nokogiri 1.18.10 → 1.19.3 Mike Dalessio 2026-06-09 12:10:31 -04:00
  • efaae642b0 dep: update rack 3.2.4 → 3.2.6 Mike Dalessio 2026-06-09 12:01:20 -04:00
  • 28525bec5d dep: update sinatra 4.1.1 → 4.2.1 Mike Dalessio 2026-06-09 11:51:42 -04:00
  • 52ccd24efa dep: update action_text-trix 2.1.15 → 2.1.19 Mike Dalessio 2026-06-09 11:48:08 -04:00
  • c189ddea41 dep: update net-imap 0.5.12 → 0.6.4 Mike Dalessio 2026-06-09 11:38:20 -04:00
  • 7ffb043cf3 dep: update erb 6.0.0 → 6.0.4 Mike Dalessio 2026-06-09 11:32:02 -04:00
  • 17f81d4fa0 dep: update jwt 3.1.2 → 3.2.0 Mike Dalessio 2026-06-09 11:29:42 -04:00
  • 905165b7e2 dep: update bcrypt 3.1.20 → 3.1.22 Mike Dalessio 2026-06-09 11:25:39 -04:00
  • ce62fd0814 dep: update addressable 2.8.7 → 2.9.0 Mike Dalessio 2026-06-09 11:22:40 -04:00
  • 47cdbb2a0f dep: update rexml 3.4.1 → 3.4.4 Mike Dalessio 2026-06-09 11:17:07 -04:00
  • 6ec04cbc28 dep: update rack-session 2.1.1 → 2.1.2 Mike Dalessio 2026-06-09 11:01:36 -04:00
  • e74d192aec dep: explicitly add bundler-audit Mike Dalessio 2026-06-09 10:50:21 -04:00
  • 67ca61da1f fix(docker): install libssl-dev to build the openssl gem Mike Dalessio 2026-06-09 12:41:14 -04:00
  • 0febc9f415 dep: update to bundler 4 Mike Dalessio 2026-06-09 10:36:06 -04:00
  • 4a75954080 style(rubocop): Layout/SpaceInsideArrayLiteralBrackets Mike Dalessio 2026-06-09 10:32:00 -04:00
  • 69c94b6594 bin/setup only asks for pacman install password when needed Mike Dalessio 2026-06-09 12:19:46 -04:00
  • ba11a0a67f Merge pull request #192 from ESH13/fix-negative-limit-direct-placeholders Stanko Krtalić 2026-04-13 16:47:16 +02:00
  • 8c7f49e003 Fix crash when user has 20+ direct conversations Eric Hiler 2026-04-10 09:23:30 -04:00
  • 3fada3d997 ci: harden GitHub Actions workflows (#185) Mike Dalessio 2026-03-20 19:26:25 -04:00
  • dde94b06ed Delete server-side session on logout Rosa Gutierrez 2026-01-15 20:04:01 +01:00
  • 1852adb06c Fix 1Password account ID (was user UUID) (#156) Jeremy Daer 2025-12-31 13:59:12 -08:00
  • e983e3f79f Block IPv6 SSRF bypass via ipv4_compat addresses (#153) Jeremy Daer 2025-12-31 13:01:43 -08:00
  • 53e36a16ea Latest Brakeman Jeremy Daer 2025-12-31 12:55:55 -08:00
  • a05292f548 Switch 1Password account to 37signals.1password.com (#154) Jeremy Daer 2025-12-31 11:54:27 -08:00
  • 71ffeeea78 Merge pull request #147 from basecamp/fix-sgid-decoding v1.4.3 Stanko Krtalić 2025-12-15 17:05:01 +01:00
  • 77bcad65b5 Try to decode SGIDs in multiple ways Stanko K.R. 2025-12-15 16:54:12 +01:00
  • 238f73c26f Merge pull request #146 from basecamp/flavorjones/fix-account-creation-race Mike Dalessio 2025-12-12 11:14:52 -05:00
  • 1feb2d94b9 Address race condition during "first run" account creation Mike Dalessio 2025-12-12 09:29:17 -05:00
  • 49c0ce496c Merge pull request #144 from basecamp/user-self Jason Zimdars 2025-12-08 23:03:07 -06:00
  • 88f3f942f7 Ensure edit (not trash) is displayed Jason Zimdars 2025-12-08 22:57:38 -06:00
  • 6f256f5f2d Show admin toggle, but disable for current user Jason Zimdars 2025-12-08 22:53:11 -06:00
  • 089a8b35c0 Merge pull request #140 from ashwin47/admin-ordering Jason Zimdars 2025-12-08 22:33:49 -06:00
  • b52c318518 Group administrators separately from members with visual divider Ashwin M 2025-12-08 03:34:26 +05:30
  • de5493d8a9 Merge pull request #124 from ashwin47/ban_typo Stanko Krtalić 2025-12-06 11:42:50 +01:00
  • 74346342df Rewrite label Ashwin M 2025-12-06 16:09:13 +05:30
  • e4a49d52b2 Merge pull request #125 from mphalliday/involvement-fix Stanko Krtalić 2025-12-04 21:43:31 +01:00
  • b8919161a8 Allow non-admins to update their room involvements Michael Halliday 2025-12-03 09:56:15 -05:00
  • 80585a9585 Fix button label to 'UnBan' for clarity Ashwin M 2025-12-03 17:50:16 +05:30
  • b3d97ecb0e Add safety checks to release script Stanko K.R. 2025-12-03 08:24:04 +01:00
  • 94692026d3 Merge pull request #122 from basecamp/unfurl-blind-ssrf v1.4.2 Stanko Krtalić 2025-12-03 08:12:24 +01:00
  • 0672673916 Disallow SSRF via IPv6 addresses mapped to IPv4 addresses Stanko K.R. 2025-12-03 08:08:34 +01:00
  • 5667262d1c Security: disallow blind SSRF to link-local IPs via URL unfurling Jeremy Daer 2025-12-02 21:33:44 -08:00
  • 1babf3f9ed Merge pull request #121 from basecamp/fix-crash-on-mentions-when-upgrading-from-rails-7-to-8 v1.4.1 Stanko Krtalić 2025-12-02 11:37:51 +01:00
  • 4d04f9beee Use urlsafe base64 decode Stanko K.R. 2025-12-02 11:34:12 +01:00
  • bebe518c74 Parse Rails 7 GIDs Stanko K.R. 2025-12-02 11:06:23 +01:00
  • 13897eac59 Set title on new releases to be the version number v1.4.0 Stanko K.R. 2025-12-02 08:36:15 +01:00
  • 6bb0ee2436 Merge pull request #120 from basecamp/allow-restricting-new-room-creation-to-admins Stanko Krtalić 2025-12-02 08:27:29 +01:00
  • 550d4c75bd Invert the icon color in dark mode Stanko K.R. 2025-12-02 08:22:32 +01:00
  • 7b7b3f8a67 Rework toggle as switch Jason Zimdars 2025-12-01 23:13:54 -06:00
  • aec8747710 Fix failing system tests Stanko K.R. 2025-12-01 16:34:51 +01:00
  • 71b5edae01 Run migrations Stanko K.R. 2025-12-01 15:31:53 +01:00
  • b1325ccee7 Bump Redis Stanko K.R. 2025-12-01 15:31:07 +01:00
  • 5266ffc049 Always just go through the settings object David Heinemeier Hansson 2025-11-30 21:07:46 +01:00
  • bd3b0c5988 Not needed David Heinemeier Hansson 2025-11-30 21:07:34 +01:00
  • e8626f9d5d Use rails edge that now includes the feature David Heinemeier Hansson 2025-11-30 21:07:26 +01:00
  • 796195c2cc Give up on the auto delegation to get a cleaner API David Heinemeier Hansson 2025-11-29 11:09:23 -08:00
  • 559629537b We don't need to specify the default any more David Heinemeier Hansson 2025-11-29 10:52:01 -08:00
  • 42c411b660 Use upstream version of has_json David Heinemeier Hansson 2025-11-29 10:38:25 -08:00
  • 6c59b8c82b Use public_send instead of send David Heinemeier Hansson 2025-11-29 09:04:08 -08:00
  • 20ba1cf2ae Ensure mutable string is used to prevent warning David Heinemeier Hansson 2025-11-29 08:58:48 -08:00
  • d323c3cfc0 Now required to be explicitly included David Heinemeier Hansson 2025-11-29 08:55:51 -08:00
  • 53671b48e0 Update to latest Rails 8.2.0 alpha David Heinemeier Hansson 2025-11-29 08:52:29 -08:00
  • 66b4e41281 Rename David Heinemeier Hansson 2025-11-28 16:38:39 -08:00
  • 6476bab4cc Use consistent yield naming David Heinemeier Hansson 2025-11-28 16:36:24 -08:00
  • f7c3aaa2a9 Allow for default values David Heinemeier Hansson 2025-11-28 16:35:25 -08:00
  • 593f8dd04c No need for self David Heinemeier Hansson 2025-11-28 15:49:10 -08:00
  • d3b6507ce2 Layer on top a more pleasant API for the default case David Heinemeier Hansson 2025-11-28 15:48:46 -08:00
  • 32be03a240 Rely on method missing David Heinemeier Hansson 2025-11-28 05:53:40 -08:00
  • 8e94a4aa1e Better wording David Heinemeier Hansson 2025-11-28 12:43:34 +01:00
  • 15db4033bc Enforce restriction to create new rooms David Heinemeier Hansson 2025-11-27 17:32:14 +01:00
  • f56e33e323 Fix fetching missing values David Heinemeier Hansson 2025-11-27 17:32:00 +01:00
  • bea2c89c2b Add new has_json to add Account#settings to restrict room creation to only administrators David Heinemeier Hansson 2025-11-27 17:15:26 +01:00
  • b7c7d99dcd Merge pull request #119 from basecamp/upgrade-to-rails-8.2.alpha Stanko Krtalić 2025-12-01 13:59:28 +01:00
  • 6197f20a31 Upgrade to Rails 8.2.0.alpha Stanko K.R. 2025-12-01 13:50:53 +01:00
  • 02023b0f0c Merge pull request #118 from basecamp/modernize-scripts Stanko Krtalić 2025-12-01 12:22:04 +01:00
  • af81a4c1ac Create release first Stanko K.R. 2025-12-01 12:21:08 +01:00
  • d4a132865a Merge pull request #117 from basecamp/modernize-scripts Stanko Krtalić 2025-12-01 12:01:13 +01:00
  • f423bb9b07 Remove structure.sql v1.3.0 Stanko K.R. 2025-12-01 11:48:53 +01:00
  • 3367ffaf8f Switch to using schema.rb Stanko K.R. 2025-12-01 11:47:51 +01:00
  • 7593a27a6b Use bash for the setup script Stanko K.R. 2025-12-01 11:21:18 +01:00
  • 133859b8fb Create a Github release Stanko K.R. 2025-12-01 11:20:31 +01:00
  • 13690f754d Merge pull request #116 from basecamp/port-release-script Stanko Krtalić 2025-12-01 10:51:10 +01:00
  • ead80316e0 Port over release script Stanko K.R. 2025-12-01 10:40:24 +01:00
  • 59b322edc6 Merge pull request #111 from basecamp/ip-ban Stanko Krtalić 2025-11-27 15:26:34 +01:00
  • c8ac878353 Polish banned states and confirm Jason Zimdars 2025-11-26 13:08:35 -06:00
  • 30fe6ab121 Add IP-based user banning Kevin McConnell 2025-11-26 09:43:11 +00:00
  • 612ca32d2c Merge pull request #112 from basecamp/update-brakeman Kevin McConnell 2025-11-26 14:30:26 +00:00
  • 5f58a183cd Bump Brakeman to latest Kevin McConnell 2025-11-26 14:26:32 +00:00