Andras Bacsai c9922c30c2 fix: add input validation for install/build/start command fields ...

Add shellSafeCommandRules() validation to install_command, build_command,
and start_command fields in both the Livewire UI and REST API layers.
These fields previously accepted arbitrary strings without validation,
unlike other shell-adjacent fields which already used this pattern.

Also adds comprehensive tests for rejection of dangerous input and
acceptance of legitimate build commands.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-28 12:28:29 +01:00

..

Deployment

feat(logs): Add loading indicator to download all logs buttons

2026-01-02 12:04:17 +01:00

Preview

feat(acl): Change views/backend code to able to use proper ACL's later on. Currently it is not enabled.

2025-08-26 10:27:38 +02:00

Advanced.php

feat: add Docker build cache preservation toggles and development logging

2025-11-26 13:42:02 +01:00

Configuration.php

fix: enable preview deployment page for deploy key applications

2026-02-23 21:08:43 +01:00

DeploymentNavbar.php

feat(deployments): add log copying functionality to clipboard in dev

2025-10-02 18:34:39 +02:00

General.php

fix: add input validation for install/build/start command fields

2026-03-28 12:28:29 +01:00

Heading.php

Fix: Concurrent builds ignored & add deployment queue limit (#7488)

2025-12-11 11:03:02 +01:00

Previews.php

Add deployment queue limit to prevent queue bombing

2025-12-04 13:52:27 +01:00

PreviewsCompose.php

fix: remove {{port}} template variable and ensure ports are always appended to preview URLs

2025-12-07 21:53:47 +01:00

Rollback.php

fix(git-ref-validation): prevent command injection via git references

2026-03-10 22:22:48 +01:00

Source.php

fix(git-ref-validation): prevent command injection via git references

2026-03-10 22:22:48 +01:00

Swarm.php

Revert "rector: arrrrr"

2025-01-07 15:31:43 +01:00