 root
|
4b6872e5e0
|
Low priority fixes: debug comments, Fortify cleanup, badge cost setting, profile query merge, User model fixes, VPN constructor cleanup, PayPal POST, PII removal, Dutch→English translations, duplicate rank check, CHANGELOG
|
2026-06-04 19:57:01 +02:00 |
|
|
root
|
1f9af5279a
|
fix: add DEFAULT 0 to last_username_change column, seeder, fillable, and factory
|
2026-05-27 20:23:06 +02:00 |
|
|
root
|
6de250f49f
|
fix: remove spatie/laravel-ray (breaks error handler) and fix dontSubmitEmptyLogs for activitylog v5
|
2026-05-23 18:26:38 +02:00 |
|
|
root
|
81839c7202
|
chore: update doctrine/dbal to v4, activitylog to v5, sluggable to v4, roadrunner-http to v4
|
2026-05-23 17:20:57 +02:00 |
|
|
root
|
7f59024bef
|
fix(security): patch critical security vulnerabilities
- Remove User::$guarded = [] to prevent mass assignment attacks
- Enable SQL strict mode and disable emulated prepares (SQL injection prevention)
- Switch password hashing from bcrypt to argon2id (stronger algorithm)
- Enable session encryption to protect session data at rest
- Restrict TrustProxies to localhost only (prevent IP spoofing)
- Restrict CORS allowed_methods via env variable instead of wildcard
- Add PayPal amount mismatch detection to prevent payment manipulation
- Add double-capture prevention (idempotency check)
- Add expected_amount column to transactions table for verification
|
2026-05-19 19:37:15 +02:00 |
|
|
root
|
9d73f82529
|
Initial commit
|
2026-05-09 17:32:17 +02:00 |
|