dify-plus

third/dify-plus

Fork 0

mirror of https://github.com/YFGaia/dify-plus.git synced 2026-06-04 10:14:00 +08:00

Commit Graph

Author	SHA1	Message	Date
npc0-hue	8c9e7652ec	fix: 依赖更新 Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write #106 @isaacs/brace-expansion has Uncontrolled Resource Consumption #107 jwt-go allows excessive memory allocation during header parsing #24 golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange #29 部分文件修复	2026-02-04 18:10:06 +08:00
npc0-hue	7ba4db8888	fix: 修改管理端的请求api端的CSRF逻辑：需要 x-csrf-token header 需要 csrf_token cookie 两者必须一致，且是有效的JWT（包含 exp 和 sub=user_id）	2026-01-22 15:30:36 +08:00
FamousMai	b5aa970766	feat: 新增sandbox-full支持	2025-03-28 15:18:33 +08:00

Author

SHA1

Message

Date

npc0-hue

8c9e7652ec

fix: 依赖更新

Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto
Unstructured has Path Traversal via Malicious MSG Attachment that Allows Arbitrary File Write #106
@isaacs/brace-expansion has Uncontrolled Resource Consumption #107
jwt-go allows excessive memory allocation during header parsing #24
golang.org/x/crypto Vulnerable to Denial of Service (DoS) via Slow or Incomplete Key Exchange #29
部分文件修复

2026-02-04 18:10:06 +08:00

npc0-hue

7ba4db8888

fix: 修改管理端的请求api端的CSRF逻辑：

需要 x-csrf-token header
需要 csrf_token cookie
两者必须一致，且是有效的JWT（包含 exp 和 sub=user_id）

2026-01-22 15:30:36 +08:00

FamousMai

b5aa970766

feat: 新增sandbox-full支持

2025-03-28 15:18:33 +08:00

3 Commits