 root
|
769abddeca
|
Disable Boost browser_logs_watcher by default, remove old browser.log
|
2026-05-26 17:05:17 +02:00 |
|
|
root
|
c0077a6039
|
Fix session same_site to use env, fix Article model import, remove unused traits
|
2026-05-26 16:59:49 +02:00 |
|
|
root
|
55b5aab458
|
Security fixes: remove dangerous public scripts, add .htaccess hardening, disable log-viewer by default, remove root index.php
|
2026-05-26 16:52:09 +02:00 |
|
|
root
|
93e6f6a273
|
Add (bool) type casts to all boolean env() calls across config files
|
2026-05-26 16:40:52 +02:00 |
|
|
root
|
f5c21e36f1
|
Add (bool) type casts to all boolean env() calls in config/habbo.php
|
2026-05-26 16:37:29 +02:00 |
|
|
root
|
bf3b474ee1
|
feat: complete configuration and database upgrade to native mariadb driver
|
2026-05-24 18:43:57 +02:00 |
|
|
root
|
81839c7202
|
chore: update doctrine/dbal to v4, activitylog to v5, sluggable to v4, roadrunner-http to v4
|
2026-05-23 17:20:57 +02:00 |
|
|
root
|
a07d216635
|
fix: update axios, move env() to config, cache config/routes/events/filament
|
2026-05-21 16:23:56 +02:00 |
|
|
root
|
7f59024bef
|
fix(security): patch critical security vulnerabilities
- Remove User::$guarded = [] to prevent mass assignment attacks
- Enable SQL strict mode and disable emulated prepares (SQL injection prevention)
- Switch password hashing from bcrypt to argon2id (stronger algorithm)
- Enable session encryption to protect session data at rest
- Restrict TrustProxies to localhost only (prevent IP spoofing)
- Restrict CORS allowed_methods via env variable instead of wildcard
- Add PayPal amount mismatch detection to prevent payment manipulation
- Add double-capture prevention (idempotency check)
- Add expected_amount column to transactions table for verification
|
2026-05-19 19:37:15 +02:00 |
|
|
root
|
9d73f82529
|
Initial commit
|
2026-05-09 17:32:17 +02:00 |
|