1 | 1 | # Changelog |
2 | 2 |
|
| 3 | +## [5.2.0] - Unreleased |
| 4 | + |
| 5 | +## Security |
| 6 | + |
| 7 | +- StaticFiles: prevent path traversal by normalizing the resolved path with |
| 8 | + Path.GetFullPath, rejecting '..' / NUL sequences, and verifying containment |
| 9 | + inside the configured site root (case-insensitive on Windows/macOS). |
| 10 | + Both IsValidPath() and the data-reading methods now use the safe resolver. |
| 11 | + |
| 12 | +- FilesInMemoryCache / InMemoryFilesCacheHandler: bound the in-memory cache |
| 13 | + (MaxItems, default 1024), normalize keys case-insensitively to defeat |
| 14 | + path case-variant OOM DoS, and invalidate stale entries based on the |
| 15 | + file's last-modification timestamp. |
| 16 | + |
| 17 | +- Redirector: harden Redirect(string) - accept same-origin relative paths |
| 18 | + only when they start with '/' (rejecting '//' and '/' scheme-spoofs) |
| 19 | + and compare absolute URLs by scheme+host+port instead of substring |
| 20 | + StartsWith. All redirect/login/previous-page cookies are now HttpOnly, |
| 21 | + SameSite=Lax, Secure. |
| 22 | + |
| 23 | +- SimplifyWebSettings: default HideExceptionDetails to true so unhandled |
| 24 | + exception stack traces are no longer leaked to anonymous users by default. |
| 25 | + |
| 26 | +- LanguageManager: language cookie switched from SameSite=None to Lax. |
| 27 | + |
| 28 | +## Fixed |
| 29 | + |
| 30 | +- WebContext: pass leaveOpen:true to the StreamReader used to consume the |
| 31 | + request body so subsequent middleware/model binders can still read it; |
| 32 | + add double-check inside semaphore-guarded sections; implement IDisposable |
| 33 | + so per-scope semaphores release their kernel handles. |
| 34 | + |
| 35 | +- ControllerMetadata: detect [Authorize] on base controllers (inherit:true) |
| 36 | + so derived controllers don't silently become anonymous. |
| 37 | + |
| 38 | +- AuthRedirectExtensions: only issue the 401->redirect when the response |
| 39 | + has not started, avoiding InvalidOperationException 500s when upstream |
| 40 | + authentication middleware already flushed a challenge. |
| 41 | + |
| 42 | +- FileReader: replace static Dictionary caches guarded by an external lock |
| 43 | + with ConcurrentDictionary to eliminate read-while-write corruption. |
| 44 | + |
| 45 | +- TemplateFactory: replace Dictionary + dual lock/semaphore primitives with |
| 46 | + a ConcurrentDictionary cache and unify sync/async paths on a single |
| 47 | + SemaphoreSlim to avoid duplicate-add races. |
| 48 | + |
3 | 49 | ## [5.1.0] - 2024-07-28 |
4 | 50 |
|
5 | 51 | ### Added |
|
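Review bot: In the Redirector entry, "rejecting '//' and '/' scheme-spoofs" contradicts the preceding clause that accepts paths starting with '/'; the second literal has almost certainly lost a backslash and should read '/\' (the backslash-prefix form browsers normalize to a protocol-relative URL). Please fix the entry so readers know which prefixes are actually rejected. Two smaller points in the same hunk: the new "## Security" and "## Fixed" headings are one level too high for the file's existing convention (the 5.1.0 section below uses "### Added"), so they should be "### Security" / "### Fixed"; and for the StaticFiles containment check, the entry should state (and the code ensure) that the site root is compared with a trailing directory separator, since a plain prefix comparison of GetFullPath output would treat a sibling directory such as "<root>2" as inside "<root>".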