Paul Trudel
06b7628f61
Restrict supported HTTP method types on endpoints
2024-05-07 20:34:20 +00:00
Paul Trudel
b2b57aca03
Remove support for join POST requests and fix checksum calculation for POST requests
2024-05-06 17:56:59 +00:00
Paul
183983be7f
Added request content type validation
2024-04-15 11:29:03 -04:00
Paul
1e9e461f50
Check for pressence of query and body
2024-04-15 11:29:03 -04:00
Anton Georgiev
78ece5f05c
feat(config): Add option to disabled "Download session data" on Learning Dashboard (backport) ( #19641 )
...
* Add option disabledFeatures=learningDashboardDownloadSessionData
* docs: document learningDashboardDownloadSessionData
---------
Co-authored-by: Gustavo Trott <gustavo@trott.com.br>
2024-02-20 09:21:57 -05:00
Anton Georgiev
f50e10b5ea
fix(sec): filter tags in presentation name
2024-01-10 14:15:56 -05:00
Paul Trudel
d33a1c028a
Update bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
...
Co-authored-by: Gustavo Trott <gustavo@trott.com.br>
2023-10-20 08:27:15 -04:00
Paul Trudel
3dc4cb28d9
Update bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
...
Co-authored-by: Gustavo Trott <gustavo@trott.com.br>
2023-10-20 08:27:09 -04:00
Paul Trudel
bc7c3143ba
Prevent null error when parent meeting does not exist
2023-10-19 19:54:43 +00:00
Anton Georgiev
d24cdfde6f
Merge pull request #18975 from Ithanil/fix_isbreakout_api
...
fix: check for presence of parentMeetingID if isBreakout is true
2023-10-19 14:35:05 -04:00
Gustavo Trott
c026ecc727
Update bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
2023-10-19 14:46:10 -03:00
Gustavo Trott
73b7bded08
Update bigbluebutton-web/grails-app/controllers/org/bigbluebutton/web/controllers/ApiController.groovy
2023-10-19 14:45:59 -03:00
GuiLeme
d6670a4145
[issue-18924] - changes in review, and added possibility to insert a name along with URL
2023-10-19 10:27:38 -03:00
Jan Kessler
520668632f
fix check for presence of parentMeetingId if isBreakout is true
2023-10-19 10:53:54 +02:00
GuiLeme
a22068be18
[Issue-18924] - Changed parameter name to preUploadedPresentation
2023-10-17 10:38:44 -03:00
GuiLeme
d7d228d047
[Issue-18924]
2023-10-17 10:26:09 -03:00
GuiLeme
0aacb12cc8
[issue-18408-back-end] - added disabled download of converted presentation
2023-08-25 11:37:32 -03:00
GuiLeme
2cf6720b5f
[issue-18408-back-end] - change name of download original pres
2023-08-25 09:27:01 -03:00
Ramón Souza
4b6686ef76
add comment
2023-07-31 17:07:41 -03:00
Anton Georgiev
a962a44c74
Merge branch 'v2.6.x-release' of github.com:bigbluebutton/bigbluebutton into june14merge
2023-06-14 10:07:54 -04:00
Anton Georgiev
49d48c0945
Merge pull request #18097 from ramonlsouza/16120
...
feat: Add Lock Setting For Viewer Annotations
2023-06-08 11:12:22 -04:00
Anton Georgiev
b699a46802
Merge pull request #17975 from paultrudel/breakout-room-exception-fix
...
fix: Added check for parentMeetingId if isBreakout is true
2023-06-06 09:35:04 -04:00
Anton Georgiev
1146ab9be9
Merge branch 'v2.6.x-release' of github.com:bigbluebutton/bigbluebutton into merge-26-27-june-6
2023-06-06 09:28:53 -04:00
Ramón Souza
22b02ead28
Merge remote-tracking branch 'upstream/v2.7.x-release' into 16120
2023-06-06 08:45:29 -03:00
Paul Trudel
fe43eba452
Allow default presentation to bypass localhost check
2023-06-05 14:32:25 +00:00
Anton Georgiev
748c7a4a0b
Merge branch 'v2.6.x-release' of github.com:bigbluebutton/bigbluebutton into june227
2023-06-02 09:45:34 -04:00
Anton Georgiev
b18aff32e6
Merge pull request #18045 from paultrudel/ssrf-fix
...
fix(sec): SSRF fix
2023-05-31 18:19:40 -04:00
prlanzarin
4d1aa87a88
feat: only record media while meeting is being actively recorded
...
Only record media (microphone, webcams and screens) while meeting is
being actively recorded (ie an user has enabled recording in the
conference). If the conference's recording is paused, media capture will
stop as well (with appropriate recording events).
A bigbluebutton.properties/API#create parameter called
`recordFullDurationMedia` is added to control this behavior. The default
is false (only capture while recording is active). Setting it to `true`
enables the current (legacy) behavior: always capture media if the
meeting's `recorded` prop is true.
2023-05-31 16:36:11 -03:00
Paul Trudel
08a87f2dad
Changed names of presentation download properties and set https as default
2023-05-30 14:02:13 +00:00
Anton Georgiev
25af259d2d
Merge branch 'v2.6.x-release' of github.com:bigbluebutton/bigbluebutton into merge-may-24
2023-05-24 17:23:00 -04:00
Paul Trudel
9840e6630f
Added check for parentMeetingId if isBreakout is true
2023-05-23 19:34:34 +00:00
Paul Trudel
de58b4ceec
Added condition to check if no passwords are provided
2023-05-17 18:35:05 +00:00
GuiLeme
1b26302745
[issue-17531] - merge upstream/v2.7.x-release
2023-05-16 15:30:15 -03:00
Anton Georgiev
510c94cfa7
Merge branch 'v2.6.x-release' of github.com:bigbluebutton/bigbluebutton into may16-merge
2023-05-16 13:35:47 -04:00
Paul Trudel
575ff77261
Added localhost to blocked hosts
2023-05-16 15:17:30 +00:00
Paul Trudel
8fd1d52e62
All protocols are supported now by default
2023-05-10 19:22:28 +00:00
GuiLeme
163017c90a
[issue-17738] - patch
2023-05-09 15:09:13 -03:00
GuiLeme
d2c5b33eec
[issue-17839] - back-end part for hide_presentation_on_join issue
2023-05-09 12:01:55 -03:00
GuiLeme
90078aedc7
[issue-17531] - resolve conflicts with 2.7
2023-05-04 08:56:27 -03:00
Ramón Souza
af8556e026
Merge remote-tracking branch 'upstream/v2.6.x-release' into 26-27-apr24
2023-04-24 17:15:47 -03:00
Paul Trudel
c378ffe4a9
Added new properties for supported protocols and blocked hosts
2023-04-21 15:29:19 +00:00
GuiLeme
6e05e3ca51
[issue-17131] - Suggestions in review and some change of behavior
2023-04-20 08:48:43 -03:00
Anton Georgiev
b5440c0d6f
Merge pull request #17202 from paultrudel/redirect-on-max-participants
...
fix/feature (bbb-web): Add new join param `errorRedirectUrl` and fix to respect redirect
2023-04-14 14:00:05 -04:00
Paul Trudel
f0ed95f724
Renamed join param redirectUrl to errorRedirectUrl
2023-04-13 14:26:48 +00:00
Gustavo Trott
a7a4005cd5
Fix [''] as default value for disabledFeatures
2023-04-10 11:22:16 -03:00
Paul Trudel
b55d152d2c
Removed ClientConfigService from bbb-web
2023-03-31 13:24:02 +00:00
Paul Trudel
657d608bbb
Added new join param redirectUrl and fixed redirect
2023-03-23 19:11:49 +00:00
Paul Trudel
5de1eed038
Added error message when guest is denied access to meeting
2023-03-09 20:57:26 +00:00
prlanzarin
58f7fa3df6
fix: encode user-name before sending it as header to checkAuthorization users
...
Lack of encoding is causing some specific languages to have the user-name
header stripped out from the HTTP Upgrade requests used by the
checkAuthorization users (bbb-webrtc-sfu). That translates to
webcam/screenshare/listen only failing due to an incomplete header set.
2023-03-06 10:12:34 -03:00
Gustavo Trott
895f3639b5
Merge pull request #16769 from GuiLeme/issue-16734
2023-02-27 15:19:38 -03:00