vikunja/pkg/modules/migration/create_from_structure.go at main

mirror of https://github.com/go-vikunja/vikunja.git synced 2026-04-24 22:25:15 +00:00

Files

kolaente db7f1445a8 fix(migration): compute attachment size from content during import

Import metadata is attacker-controlled and can forge a small size to
bypass the attachment size limit (GHSA-qh78-rvg3-cv54). Compute the
size from the decoded content instead of trusting a.File.Size.

2026-04-09 16:22:56 +00:00

15 KiB

Raw Permalink Blame History

View Raw

15 KiB Raw Permalink Blame History

15 KiB

Raw Permalink Blame History