Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(core): User update endpoint should only allow updating email, firstName, and lastName #5526

Merged
merged 1 commit into from
Feb 21, 2023

Conversation

netroy
Copy link
Member

@netroy netroy commented Feb 20, 2023

No description provided.

@n8n-assistant n8n-assistant bot added core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team labels Feb 20, 2023
@netroy netroy force-pushed the fix-auth-update-vulnerability branch from e832331 to dece104 Compare February 21, 2023 09:50
@netroy netroy force-pushed the fix-auth-update-vulnerability branch from dece104 to 1414bfa Compare February 21, 2023 09:54
Copy link
Contributor

@krynble krynble left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@netroy netroy merged commit 510855d into n8n-io:master Feb 21, 2023
@netroy netroy deleted the fix-auth-update-vulnerability branch February 21, 2023 10:22
@n8n-assistant n8n-assistant bot added the Upcoming Release Will be part of the upcoming release label Feb 21, 2023
janober pushed a commit that referenced this pull request Feb 21, 2023
janober added a commit that referenced this pull request Feb 21, 2023
* 🚀 Release 0.216.1

* fix(core): Do not allow arbitrary path traversal in the credential-translation endpoint (#5522)

* fix(core): Do not allow arbitrary path traversal in BinaryDataManager (#5523)

* fix(core): User update endpoint should only allow updating email, firstName, and lastName (#5526)

* fix(core): Do not explicitly bypass auth on urls containing `.svg` (#5525)

* 📚 Update CHANGELOG.md

---------

Co-authored-by: janober <janober@users.noreply.github.com>
Co-authored-by: कारतोफ्फेलस्क्रिप्ट™ <netroy@users.noreply.github.com>
Co-authored-by: Jan Oberhauser <jan.oberhauser@gmail.com>
@janober
Copy link
Member

janober commented Feb 21, 2023

Got released with n8n@0.216.1

@janober janober removed the Upcoming Release Will be part of the upcoming release label Feb 21, 2023
netroy added a commit to netroy/n8n that referenced this pull request Feb 23, 2023
netroy added a commit that referenced this pull request Feb 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
core Enhancement outside /nodes-base and /editor-ui n8n team Authored by the n8n team skip-e2e
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants