Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.21.0 2023-02-06T14:42:53+00:00 2023-02-06T14:42:53+00:00 Alexandre Alapetite alexandre@alapetite.fr 2023-02-06T14:42:53+00:00 urn:sha1:e899e4edd97c296a29b2a8da2c2e3b598622c36e * More robust application of access permissions We were in particular missing directory traversal `+X` in our current recommendations. Extracted to own shell script so it can easily be invoked. Update access permissions in Docker to account to be more robust. #fix https://github.com/FreshRSS/FreshRSS/discussions/5037 * Minor simplification * Restrict mkdir permissions Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770. 2023-01-19T17:26:04+00:00 Alexandre Alapetite alexandre@alapetite.fr 2023-01-19T17:26:04+00:00 urn:sha1:dbdb7869c47ab8c9e3a42384401a7e29599e192f * Safer timezone set Add missing tzdata in Docker :newest Fallback to UTC if no timezone is defined at all #fix https://github.com/FreshRSS/FreshRSS/pull/4906#issuecomment-1386747169 * Better refactoring Show fallback timezone everywhere 2023-01-11T22:27:14+00:00 Alexandre Alapetite alexandre@alapetite.fr 2023-01-11T22:27:14+00:00 urn:sha1:075cf4c800063e3cc65c3d41a9c23222e8ebb554 * API avoid logging passwords * Strip passwords and tokens from API logs * Only log failed requests information when in debug mode * Remove debug SHA * Clean also Apache logs * Better comments * Redact also token parameters * shfmt * Simplify whitespace * redacted 2022-12-28T22:07:52+00:00 Alexandre Alapetite alexandre@alapetite.fr 2022-12-28T22:07:52+00:00 urn:sha1:7330cbab3852a27d0b5c04aa794cd6f7fe27ad76 To ease adding custom extensions such as in https://github.com/FreshRSS/Extensions/issues/37#issuecomment-1363474585 2022-11-30T19:45:40+00:00 Alexandre Alapetite alexandre@alapetite.fr 2022-11-30T19:45:40+00:00 urn:sha1:543fa4e76c1761154801febd08400520b75143e3 * Docker Alpine timezone for :newest and :oldest Follow-up of https://github.com/FreshRSS/FreshRSS/pull/4903 Forgot the development images Newest and Oldest * Uniform timezone behaviour * shellcheck * A bit more documentation 2022-11-28T17:02:33+00:00 Alexandre Alapetite alexandre@alapetite.fr 2022-11-28T17:02:33+00:00 urn:sha1:60d626030d1c3fc5ee42ddabd379318509ccc154 Allow setting the timezone with a `TZ` environment variable in our Alpine-based Docker images just like for our Debian-based Doker images. See https://github.com/FreshRSS/FreshRSS/discussions/4898#discussioncomment-4245991 2022-11-23T21:40:41+00:00 Alexandre Alapetite alexandre@alapetite.fr 2022-11-23T21:40:41+00:00 urn:sha1:be79c5a8e7dd74b839044d53e50046091674e204 * Docker Alpine 3.17 Update alternative Docker image to Alpine 3.17 with PHP 8.1.12 (and still Apache 2.4.54) https://alpinelinux.org/posts/Alpine-3.17.0-released.html * Fix developer access rights Put developer in www-data group 2022-11-16T22:27:45+00:00 Alexandre Alapetite alexandre@alapetite.fr 2022-11-16T22:27:45+00:00 urn:sha1:e1b2f6ae1370111ca273e77c1fc7c5df3b11a2ec I have just received an e-mail with a security concern. Although most likely an obsolete concern (old browsers with Java applets), and the Apache team saying that there is no problem, let's disable the TRACE method by default in our Docker images until we hear anybody actually wanting this feature. https://httpd.apache.org/docs/current/mod/core.html#traceenable https://owasp.org/www-community/attacks/Cross_Site_Tracing 2022-11-14T14:02:44+00:00 Alexandre Alapetite alexandre@alapetite.fr 2022-11-14T14:02:44+00:00 urn:sha1:570503b7f12df7d12af29905da97131b032c7da0 Drop PHP 7.0- as planned https://github.com/FreshRSS/FreshRSS/discussions/3321#discussioncomment-835704 2022-06-19T18:09:09+00:00 Alexandre Alapetite alexandre@alapetite.fr 2022-06-19T18:09:09+00:00 urn:sha1:a90d93979f63b48c76308ae26c845d8b58f5368d * Added PHP extensions `php-openssl` (used by PHPMailer) and php-xml (used by SimplePie) * Upgraded dev image `freshrss/freshrss:newest` to PHP 8.2.