remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
35 Commits 1 Branch 0 Tags
2d8beaa53121d7f6f516c7fdd6b08cfc00dcafd2
Commit Graph

4 Commits

Author SHA1 Message Date
root 81839c7202 chore: update doctrine/dbal to v4, activitylog to v5, sluggable to v4, roadrunner-http to v4 2026-05-23 17:20:57 +02:00
root a07d216635 fix: update axios, move env() to config, cache config/routes/events/filament 2026-05-21 16:23:56 +02:00
root 7f59024bef fix(security): patch critical security vulnerabilities 
- Remove User::$guarded = [] to prevent mass assignment attacks
- Enable SQL strict mode and disable emulated prepares (SQL injection prevention)
- Switch password hashing from bcrypt to argon2id (stronger algorithm)
- Enable session encryption to protect session data at rest
- Restrict TrustProxies to localhost only (prevent IP spoofing)
- Restrict CORS allowed_methods via env variable instead of wildcard
- Add PayPal amount mismatch detection to prevent payment manipulation
- Add double-capture prevention (idempotency check)
- Add expected_amount column to transactions table for verification
 2026-05-19 19:37:15 +02:00
root 9d73f82529 Initial commit 2026-05-09 17:32:17 +02:00