Commit Graph

14639 Commits

Author SHA1 Message Date
Andras Bacsai 521d995ea1 Merge remote-tracking branch 'origin/next' into 7765-healthcheck-investigation 2026-02-25 11:57:58 +01:00
Andras Bacsai 12f8f80eb1 fix(api): add team authorization to domains_by_server endpoint (#8616) 2026-02-25 11:54:29 +01:00
Andras Bacsai 8e2f0836da chore: prepare for PR 2026-02-25 11:52:18 +01:00
Andras Bacsai 57848c25e9 fix(docker): centralize command escaping in executeInDocker helper (#8615) 2026-02-25 11:51:23 +01:00
Andras Bacsai 992b922df3 chore: prepare for PR 2026-02-25 11:50:57 +01:00
Andras Bacsai 0580af0d34 feat(healthchecks): add command health checks with input validation
Add support for command-based health checks in addition to HTTP-based checks:
- New health_check_type field supporting 'http' and 'cmd' values
- New health_check_command field with strict regex validation
- Updated allowedFields in create_application and update_by_uuid endpoints
- Validation rules include max 1000 characters and safe character whitelist
- Added feature tests for health check API endpoints
- Added unit tests for GithubAppPolicy and SharedEnvironmentVariablePolicy
2026-02-25 11:38:09 +01:00
Andras Bacsai 609cb4190e fix(health-checks): sanitize and validate CMD healthcheck commands
- Add regex validation to restrict allowed characters (alphanumeric, spaces, and specific safe symbols)
- Enforce maximum 1000 character limit on healthcheck commands
- Strip newlines and carriage returns to prevent command injection
- Change input field from textarea to text input in UI
- Add warning callout about prohibited shell operators
- Add comprehensive validation tests for both valid and malicious command patterns
2026-02-25 11:28:33 +01:00
Andras Bacsai 24abd51238 fix(auth): prevent cross-tenant IDOR in resource cloning (#8613) 2026-02-25 11:21:52 +01:00
Andras Bacsai 1759a1631c chore: prepare for PR 2026-02-25 11:18:46 +01:00
Andras Bacsai 65d4005493 Merge remote-tracking branch 'origin/next' into 7765-healthcheck-investigation
# Conflicts:
#	app/Livewire/Project/Shared/HealthChecks.php
2026-02-25 11:02:38 +01:00
Andras Bacsai 03a8621516 fix(health-checks): prevent command injection in health check commands (#8611) 2026-02-25 10:59:00 +01:00
Andras Bacsai 30c0b37689 chore: prepare for PR 2026-02-25 10:58:29 +01:00
Aditya Tripathi 036f565785 Merge branch 'next' into feat/healthcheck-cmd 2026-02-24 22:22:02 +05:30
Andras Bacsai cb759b2846 fix(api): correct permission requirements for POST endpoints (#8600) 2026-02-24 14:57:51 +01:00
Andras Bacsai d8419fad93 chore: prepare for PR 2026-02-24 14:57:32 +01:00
Andras Bacsai 279322d50f fix(input): prevent eye icon flash on password fields before Alpine.js loads (#8599) 2026-02-24 12:57:22 +01:00
Andras Bacsai f39a1da7be fix(auth): prevent CSRF redirect loop during 2FA challenge (#8596) 2026-02-24 12:57:10 +01:00
Andras Bacsai 448e922e6c chore: prepare for PR 2026-02-24 12:56:54 +01:00
Andras Bacsai 78e584a136 feat(service): upgrade beszel and beszel-agent to v0.18 (#8513) 2026-02-24 12:56:36 +01:00
Andras Bacsai 912e5f6db2 feat(service): disable pterodactyl panel and pterodactyl wings (#8512) 2026-02-24 12:55:52 +01:00
Andras Bacsai f8de374f77 feat(service): disable plane (#8580) 2026-02-24 12:55:29 +01:00
Andras Bacsai 2986d7604e chore: prepare for PR 2026-02-24 10:17:16 +01:00
ShadowArcanist b36d67288b feat(service): disable plane
The latest version of plane v1.2.2 have security fixed but our template is using v1.0.0 which is 5 months behind the current latest. New version v1.2.2 doesn't work with our existing template so disabling it for now to prevent users from deploying a vulnerable version of plane
2026-02-24 02:34:35 +05:30
Andras Bacsai 021605dbf0 fix(deploy): split BuildKit and secrets detection (#8565) 2026-02-23 15:20:25 +01:00
Andras Bacsai ec14b55f0a chore: prepare for PR 2026-02-23 14:28:28 +01:00
Andras Bacsai 2310ad5f7f chore(ui): widen project heading nav spacing (#8564) 2026-02-23 14:17:38 +01:00
Andras Bacsai 6cacd2f0ff chore: prepare for PR 2026-02-23 14:17:15 +01:00
Andras Bacsai 46923f7e77 fix(applications): treat zero private_key_id as deploy key (#8563) 2026-02-23 14:16:11 +01:00
Andras Bacsai 620da191b1 chore: prepare for PR 2026-02-23 14:15:13 +01:00
Andras Bacsai d71d91d63e fix(version): update coolify version to 4.0.0-beta.464 and nightly version to 4.0.0-beta.465 2026-02-23 13:47:26 +01:00
Andras Bacsai 1f3fca5f71 fix(database): chown redis/keydb configs when custom conf set (#8561) 2026-02-23 13:26:58 +01:00
Andras Bacsai 76a6960f44 chore: prepare for PR 2026-02-23 13:26:01 +01:00
Andras Bacsai f68d60a373 chore(horizon): make max time configurable (#8560) 2026-02-23 13:25:13 +01:00
Andras Bacsai b7b0dfeddd chore: prepare for PR 2026-02-23 13:24:49 +01:00
Andras Bacsai 133241bac1 fix(service): resolve team lookup via service relationship (#8559) 2026-02-23 13:24:01 +01:00
Andras Bacsai 61a54afe2b fix(service): resolve team lookup via service relationship
Update service application/database team accessors to traverse the service relation chain and add coverage to prevent null team regressions.
2026-02-23 13:23:12 +01:00
Andras Bacsai 58acdccfc9 fix(team): include webhook notifications in enabled check (#8557) 2026-02-23 13:03:05 +01:00
Andras Bacsai bf51ed905f chore: prepare for PR 2026-02-23 13:02:06 +01:00
Andras Bacsai c30d94f089 chore(scheduler): fix scheduled job duration metric (#8551) 2026-02-23 12:20:15 +01:00
Andras Bacsai cb0f5cc812 chore: prepare for PR 2026-02-23 12:19:57 +01:00
Andras Bacsai ffb408f214 Create docker-compose-maxio.dev.yml 2026-02-23 12:18:50 +01:00
Andras Bacsai 0c8b9b75f4 fix(traefik): respect force https in service labels (#8550) 2026-02-23 12:16:12 +01:00
Andras Bacsai d51b26c047 Dont ignore "force https" pref when using docker compose (#8424) 2026-02-23 12:15:37 +01:00
Andras Bacsai 16e85e27e8 fix(service): always enable force https labels
Force HTTPS routing labels in parser helpers and remove per-service toggles now that the preference is no longer honored.
2026-02-23 12:14:44 +01:00
Andras Bacsai ba3994bc5c fix(security): harden deployment paths and deploy abilities (#8549) 2026-02-23 12:13:47 +01:00
Andras Bacsai 73170fdd33 chore: prepare for PR 2026-02-23 12:12:10 +01:00
ShadowArcanist 76d3709163 feat(service): upgrade beszel and beszel-agent to v0.18 2026-02-21 23:17:23 +05:30
ShadowArcanist c1951726c0 feat(service): disable pterodactyl panel and pterodactyl wings
The template is using latest version of pterodactyl and the issue is the db migration fails for new users but works fine for existing deployments. We cannot revert the template to previous version because the current latest version addresses few CVEs so it's better to disable this template for now
2026-02-21 21:42:28 +05:30
Aditya Tripathi 04283a03a0 Merge branch 'next' into feat/healthcheck-cmd 2026-02-21 06:54:29 +05:30
Andras Bacsai fd24a54304 feat(monitoring): add scheduled job monitoring dashboard (#8433) 2026-02-18 16:16:56 +01:00