Commit Graph

800 Commits

Author SHA1 Message Date
Paul Trudel
747173b930 Removed unused POST checksum validation code 2024-05-13 19:31:29 +00:00
Paul Trudel
c7805b0038 Remove support for join POST requests and fix checksum calculation for POST requests 2024-05-13 19:16:18 +00:00
Paul Trudel
211c530462 Add support for text/xml to create and insertDocument 2024-05-13 19:15:57 +00:00
Paul Trudel
f61c67140e Removed unused set of supported content types from validator 2024-05-13 19:15:47 +00:00
Paul Trudel
99176af136 Added servlet request back to the checksums 2024-05-13 19:15:32 +00:00
Paul Trudel
b6de2a1b55 Allow each request to define its own supported content types 2024-05-13 19:15:16 +00:00
Paul Trudel
9ec21acb2e Changed content type validation error key and message 2024-05-13 19:15:06 +00:00
Paul Trudel
17b370b8e6 Reject requests with a body but no Content-Type header 2024-05-13 19:14:56 +00:00
Paul
8e8c2189ab Removed support for application/json content 2024-04-15 11:37:39 -04:00
Paul
78d767202a Added request content type validation 2024-04-15 11:37:05 -04:00
Paul
393d67f0b8 Check for pressence of query and body 2024-04-15 11:35:40 -04:00
Anton Georgiev
676573e3cc fix(sec): bump postgresql to 42.7.2 2024-02-21 14:26:51 -05:00
GuiLeme
7b36f19abb [GHSA-j42p-fh2w-24q6] - validate URL for external upload of presentation. 2024-01-11 16:14:03 -05:00
Anton Georgiev
d7556c74aa fix(sec): filter tags in presentation name 2024-01-11 16:01:59 -05:00
Paul Trudel
7bab189a23 Change target to release for java 17 2023-08-31 07:00:42 -04:00
Gustavo Trott
0e21fcdc2e Fix: Getting final Url (from redirect) on presentation upload 2023-08-17 09:43:26 -03:00
danielpetri1
74e88d0a28 Remove unused imports 2023-06-07 14:44:02 +00:00
danielpetri1
a2a41b6282 Merge branch 'mime-fixes' of github.com:danielpetri1/bigbluebutton into mime-fixes 2023-06-06 12:09:27 +00:00
danielpetri1
bc090d71bb Permit .docx with .doc content 2023-06-06 12:08:21 +00:00
Daniel Petri Rocha
d2762657ee
Merge branch 'v2.6.x-release' into mime-fixes 2023-06-06 12:12:13 +02:00
danielpetri1
ffeb8c3acb Allow multiple MIME types per extension 2023-06-06 10:08:14 +00:00
Paul Trudel
d9cce76c33 Remove unecessary log 2023-06-05 14:33:52 +00:00
Paul Trudel
fe43eba452 Allow default presentation to bypass localhost check 2023-06-05 14:32:25 +00:00
Paul Trudel
ae11bd43a3 Default presentation exempt from validation 2023-06-05 13:49:47 +00:00
prlanzarin
9f46b10485 fix: typo when parsing recordFullDurationMedia API param 2023-06-01 15:05:50 -03:00
Anton Georgiev
e92862ee00
Merge pull request #17986 from paultrudel/meeting-info-attendee-update
fix(Meeting API): Only include online users in attendee list
2023-05-31 18:29:14 -04:00
Anton Georgiev
b18aff32e6
Merge pull request #18045 from paultrudel/ssrf-fix
fix(sec): SSRF fix
2023-05-31 18:19:40 -04:00
prlanzarin
4d1aa87a88 feat: only record media while meeting is being actively recorded
Only record media (microphone, webcams and screens) while meeting is
being actively recorded (ie an user has enabled recording in the
conference). If the conference's recording is paused, media capture will
stop as well (with appropriate recording events).

A bigbluebutton.properties/API#create parameter called
`recordFullDurationMedia` is added to control this behavior. The default
is false (only capture while recording is active). Setting it to `true`
enables the current (legacy) behavior: always capture media if the
meeting's `recorded` prop is true.
2023-05-31 16:36:11 -03:00
danielpetri1
ba6b33a83f Don't rely on filename to determine MIME type 2023-05-30 15:59:58 +00:00
Paul Trudel
08a87f2dad Changed names of presentation download properties and set https as default 2023-05-30 14:02:13 +00:00
danielpetri1
cf9c0899d0 Use Tika as MIME detection tool 2023-05-29 13:19:49 +00:00
Anton Georgiev
ac365d9ad9
Merge pull request #18007 from paultrudel/upgrade-spring-26
fix(sec): Upgrade Spring
2023-05-25 19:49:49 -04:00
Paul Trudel
e7bc91d389 Upgrade spring validation library to 2.7.12 2023-05-25 20:16:28 +00:00
Anton Georgiev
7585f99352 feat: introduce disableFeaturesExclude CREATE API param 2023-05-25 15:43:30 -04:00
Paul Trudel
b641c6313a Only include online users in attendee list 2023-05-24 19:58:16 +00:00
Paul Trudel
575ff77261 Added localhost to blocked hosts 2023-05-16 15:17:30 +00:00
Ramón Souza
dcef3e3d7b
Merge pull request #17845 from ramonlsouza/issue-17839
fix: ignore restore on update for first load of initial presentation
2023-05-15 13:41:27 -03:00
Paul Trudel
82f6c3022e Changed log level of protocol warning 2023-05-12 15:55:29 +00:00
Paul Trudel
8fd1d52e62 All protocols are supported now by default 2023-05-10 19:22:28 +00:00
Anton Georgiev
ba8aa3468f
Merge pull request #17860 from ramonlsouza/issue-17840
fix: Learning dashboard is available in breakout rooms
2023-05-10 11:45:01 -04:00
Anton Georgiev
706eb4e762
Merge pull request #17844 from paultrudel/unreleased-streams-fix
fix(sec): Unreleased streams fix
2023-05-10 10:47:37 -04:00
Gustavo Trott
e6cd0e1696
make validation about Learning Dashboard more readable 2023-05-10 09:46:12 -03:00
Ramón Souza
c0cf3502d2 disable learning dashboard for breakout rooms 2023-05-10 09:17:02 -03:00
GuiLeme
163017c90a [issue-17738] - patch 2023-05-09 15:09:13 -03:00
Paul Trudel
6c0915d71b Initialized file input stream 2023-05-09 15:17:14 +00:00
GuiLeme
d2c5b33eec [issue-17839] - back-end part for hide_presentation_on_join issue 2023-05-09 12:01:55 -03:00
Paul Trudel
1b5015211e Change registeredUser joined to false after leave 2023-04-26 15:41:29 +00:00
Paul Trudel
c378ffe4a9 Added new properties for supported protocols and blocked hosts 2023-04-21 15:29:19 +00:00
Paul Trudel
9e7ceb7b84 Added additional url validation checks for presentation upload 2023-04-20 19:53:08 +00:00
Paul Trudel
68a0623f6c Added initial url validation check to presentation upload 2023-04-19 21:03:52 +00:00