- bin/sync-upstream: automation script for upstream tag sync with
logo file restoration from ORIG_HEAD after merge
- CI: setup-node@v1->@v4, set-output->$GITHUB_OUTPUT,
docuseal_test->wabosign_test, add rebrand-check and
assets-precompile jobs
- Docker: checkout@v3->@v4, metadata-action@v4->@v5,
login-action@v3->@v6, images->wabolabs/wabosign, add PR build test
- rebrand-sync: add logo paths to DENY_PATHS
- .gitattributes: add -merge for brand logo files
- REBRANDING.md: update per-sync workflow with logo restoration step
- Rubocop Style/RedundantRegexpEscape: remove unnecessary \- in two
character classes in FULL_EMAIL_REGEXP (user.rb:59)
- Brakeman LinkToHref XSS: add fingerprint to brakeman.ignore — the
filter_path guard (start_with?('/')) prevents javascript: and
absolute-URL attacks; Brakeman still tracks params[:path] taint
through the conditional assignment
- RSpec install: switch pdfium binary source from the deleted
docusealco/pdfium-binaries to bblanchon/pdfium-binaries (same
tarball layout: lib/libpdfium.so)
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Patch release covering the security findings from the repo's first
CodeQL scan against 1.3.0:
- Sanitise params[:path] before it flows into form action / link href
in submissions_filters/_filter_modal (reflected XSS).
- Slice required_params to email/phone before passing to find_by! /
find_or_initialize_by in start_form_controller (column-name
injection via template-owner-controlled link_form_fields preference).
- Rewrite FULL_EMAIL_REGEXP local-part to remove the nested quantifier
(ReDoS).
- Replace the Bearer-token regex in mcp_controller with a string
prefix check (polynomial ReDoS).
- Swap Math.random()-based attachment UUIDs for crypto.randomUUID()
in the submission-form Vue dropzone / signature / initials steps.
- Add a workflow-level permissions: read-all block to ci.yml.
See CHANGELOG.md [1.3.1] for the full per-alert breakdown and the
list of CodeQL findings that are false positives in context.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Adds a deterministic rebrand sweep so each upstream sync is a scripted
transformation rather than a manual sweep:
- bin/rebrand-sync — idempotent Ruby script that rewrites DocuSeal →
WaboSign tokens across the tree (Ruby module, AATL cert name, DB
names, Docker user, registry/repo URLs, DOM-ID/localStorage prefix,
daisyUI theme name, hardcoded UI strings). Sentinel-protects AGPL
§7(b) attribution phrases, SDK custom-element identifiers, the
@docuseal/* npm packages, and the docusealco/{fields-detection,
pdfium-binaries,turbo} binary URLs. Deny-lists NOTICE, LICENSE_*,
README, the AGPL attribution partials, calculator.js's DocuSeal LLC
copyright, lib/wabosign.rb's UPSTREAM constants, and the
docuseal_aatl migration that searches by the legacy name.
- bin/rebrand-check — fails CI when an unintended DocuSeal reference
survives in the tree. Wired in as the new `Rebrand check` job in
.github/workflows/ci.yml.
- REBRANDING.md gains a "Sync workflow" section documenting the
per-sync steps, rerere setup, and how to keep the two scripts'
allow/preserve lists in sync.
- .gitattributes marks Gemfile.lock and yarn.lock as -merge — they get
regenerated post-merge rather than diffed.
- Latent rebrand leftovers fixed: public/service-worker.js no longer
logs "DocuSeal App installed/activated"; .dockerignore and
.gitignore now ignore /wabosign (the actual runtime data dir mount)
rather than the stale /docuseal path.
Strategy detail lives at .claude/plans/come-up-with-a-foamy-flask.md.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
- actions/checkout@v3 -> @v4 in docker.yml
- actions/setup-node@v1 -> @v4 in ci.yml (both jobs that use it)
- Replace deprecated `::set-output` with $GITHUB_OUTPUT in the
ESLint yarn-cache-dir step
The remaining Node 20 deprecation warnings on actions/cache@v4,
actions/checkout@v4, and the docker/* actions will resolve once
upstream ships Node 24 builds; not blocking, the runtime won't
flip until 2026-06.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Sweep of stale upstream cruft and missing release-process plumbing:
- SECURITY.md routes vuln reports to wabosign@wabo.cc
- package.json renamed wabosign + license/repository fields
- Drop the docuseal.com fallback href in signature_step.vue
- Delete docs/api/ (10 upstream language stubs) and rewrite stale
docuseal.com URLs in docs/openapi.json + docs/embedding/* +
docs/webhooks/* to sign.wabo.cc
- Remove console_redirect + enquiries controllers and routes
(/upgrade, /manage, /console_redirect were DocuSeal-SaaS-only).
Strip the navbar Console icon, the embed_scripts upgrade-to-Pro
fallback, the sessions_controller CONSOLE_URL redirect, and the
CONSOLE_URL/CDN_URL/CLOUD_URL/ENQUIRIES_URL constants. The four
"Learn more" links in templates/_embedding.html.erb now point at
sign.wabo.cc/docs/embedding; the two CDN script-src refs use the
local embed_script_url helper.
- Dockerfile gains OCI image labels via ARG VERSION/REVISION
- docker.yml passes labels + build-args from metadata-action@v5 so
the published image has the right manifest-level metadata
- Add CHANGELOG.md (Keep-a-Changelog) and a Releases section in README
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
The image now lives at GHCR (pushed manually as :latest and
:sha-45ed368a). Aligning the rest of the repo to match:
- docker-compose.yml: image: ghcr.io/wabolabs/wabosign:latest
- README.md docker-run example: same
- .github/workflows/docker.yml: meta.images and login-action repointed
at ghcr.io. Login now uses the auto-provisioned GITHUB_TOKEN with a
job-level `permissions: packages: write`; the DOCKERHUB_USERNAME /
DOCKERHUB_TOKEN secrets are no longer needed and can be removed from
the repo settings. Also adds a `type=raw,value=latest` tag so the
semver-triggered build keeps :latest pointing at the newest release.
- REBRANDING.md: registry note updated for accuracy.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Renames the product to WaboSign across UI, mailers, locales, assets, and
internal Ruby module. Keeps the upstream DocuSeal attribution required by
AGPLv3 §7(b) in the powered-by footer, email attribution, README, and a
new NOTICE file. Migration renames the AATL cert identifier in encrypted
configs from docuseal_aatl to wabosign_aatl.
Removes multitenant-gated Pro upsell UI (Plans/Console/Upgrade links,
SMS/SSO/bulk-send/logo placeholders, reminder-duration restriction, the
"DocuSeal Pro" email-attribution toggle, conditions/formula/payment
pricing links) so every shipped feature is reachable on a self-hosted
deployment. Multitenant routing logic is preserved.
Drops Discord, Twitter, and ChatGPT/AI-assistant chrome. Embedding
modal keeps the upstream <docuseal-form> / @docuseal/* SDK contract so
existing embedded forms continue to work; documented in NOTICE.
REBRANDING.md captures the change inventory for future maintainers.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Wabo
Pete Matsyburka
Alex Turchyn
Pete Matsyburka
Alex Turchyn