mirror of https://github.com/docusealco/docuseal
master
0.0.1
0.0.2
0.0.3
0.0.4
0.0.5
1.0.0
1.0.1
1.0.2
1.0.3
1.0.4
1.0.5
1.0.6
1.0.7
1.0.8
1.1.0
1.1.1
1.1.10
1.1.11
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.2.5
1.2.6
1.2.7
1.2.8
1.2.9
1.3.0
1.3.1
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.4.0
1.4.1
1.4.2
1.4.3
1.4.4
1.4.5
1.4.6
1.4.7
1.4.8
1.4.9
1.5.0
1.5.1
1.5.2
1.5.3
1.5.4
1.5.5
1.5.6
1.5.7
1.5.8
1.5.9
1.6.0
1.6.1
1.6.2
1.6.3
1.6.4
1.6.5
1.6.6
1.6.7
1.6.8
1.6.9
1.7.0
1.7.1
1.7.2
1.7.3
1.7.4
1.7.5
1.7.6
1.7.7
1.7.8
1.7.9
1.8.0
1.8.1
1.8.2
1.8.3
1.8.4
1.8.5
1.8.6
1.8.7
1.8.8
1.8.9
1.9.0
1.9.1
1.9.10
1.9.2
1.9.3
1.9.4
1.9.5
1.9.6
1.9.7
1.9.8
1.9.9
2.0.0
2.0.1
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
2.1.0
2.1.1
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.2.0
2.2.1
2.2.2
2.2.3
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.4.0
2.4.1
2.4.2
2.4.3
2.4.4
2.5.0
2.5.1
2.5.2
2.5.3
3.0.0
3.0.1
3.0.2
3.0.3
3.1.0
${ noResults }
3 Commits (62bf89c1cd81b9261b5097606677924fd06d1d7f)
| Author | SHA1 | Message | Date |
|---|---|---|---|
Wabo
|
5433aa4dc3 |
1.3.1 — address CodeQL alerts from initial scan
Patch release covering the security findings from the repo's first CodeQL scan against 1.3.0: - Sanitise params[:path] before it flows into form action / link href in submissions_filters/_filter_modal (reflected XSS). - Slice required_params to email/phone before passing to find_by! / find_or_initialize_by in start_form_controller (column-name injection via template-owner-controlled link_form_fields preference). - Rewrite FULL_EMAIL_REGEXP local-part to remove the nested quantifier (ReDoS). - Replace the Bearer-token regex in mcp_controller with a string prefix check (polynomial ReDoS). - Swap Math.random()-based attachment UUIDs for crypto.randomUUID() in the submission-form Vue dropzone / signature / initials steps. - Add a workflow-level permissions: read-all block to ci.yml. See CHANGELOG.md [1.3.1] for the full per-alert breakdown and the list of CodeQL findings that are false positives in context. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
1 month ago |
|
Wabo
|
2796ddf424 |
Rebrand DocuSeal to WaboSign and unlock Pro features
Renames the product to WaboSign across UI, mailers, locales, assets, and internal Ruby module. Keeps the upstream DocuSeal attribution required by AGPLv3 §7(b) in the powered-by footer, email attribution, README, and a new NOTICE file. Migration renames the AATL cert identifier in encrypted configs from docuseal_aatl to wabosign_aatl. Removes multitenant-gated Pro upsell UI (Plans/Console/Upgrade links, SMS/SSO/bulk-send/logo placeholders, reminder-duration restriction, the "DocuSeal Pro" email-attribution toggle, conditions/formula/payment pricing links) so every shipped feature is reachable on a self-hosted deployment. Multitenant routing logic is preserved. Drops Discord, Twitter, and ChatGPT/AI-assistant chrome. Embedding modal keeps the upstream <docuseal-form> / @docuseal/* SDK contract so existing embedded forms continue to work; documented in NOTICE. REBRANDING.md captures the change inventory for future maintainers. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com> |
1 month ago |
Alex Turchyn
|
62a969d8fe
|
add MCP support
|
4 months ago |