aiden
/
memos
mirror of https://github.com/usememos/memos
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
4,269 Commits
2 Branches
93 Tags
216 MiB
release-please--branches--main--components--memos
main
v0.0.1
v0.1.0
v0.1.1
v0.1.2
v0.1.3
v0.10.0
v0.10.1
v0.10.2
v0.10.3
v0.11.0
v0.11.1
v0.11.2
v0.12.0
v0.12.1
v0.12.2
v0.13.0
v0.13.1
v0.13.2
v0.14.0
v0.14.1
v0.14.2
v0.14.3
v0.14.4
v0.15.0
v0.15.1
v0.15.2
v0.16.0
v0.16.1
v0.17.0
v0.17.1
v0.18.0
v0.18.1
v0.18.2
v0.19.0
v0.19.1
v0.2.0
v0.2.1
v0.2.2
v0.20.0
v0.20.1
v0.21.0
v0.22.0
v0.22.1
v0.22.2
v0.22.3
v0.22.4
v0.22.5
v0.23.0
v0.23.0-rc.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.24.0
v0.24.1
v0.24.2
v0.24.3
v0.24.4
v0.25.0
v0.25.1
v0.25.2
v0.25.3
v0.26.0
v0.26.1
v0.26.2
v0.27.0
v0.27.0-rc.1
v0.27.0-rc.2
v0.27.1
v0.28.0
v0.29.0
v0.29.1
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.4.3
v0.4.4
v0.4.5
v0.5.0
v0.6.0
v0.6.1
v0.7.0
v0.7.1
v0.7.2
v0.7.3
v0.8.0
v0.8.1
v0.8.2
v0.8.3
v0.9.0
v0.9.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '704503e556'
${ noResults }
Commit Graph

8 Commits (704503e5564a10ee431ef15a09ae01b3d0ca88e3)

Author SHA1 Message Date
Steven 704503e556 fix(store): allow memo/attachment deletion when local file is missing 
Fixes two bugs reported in #5603:

1. store/attachment.go: ignore os.ErrNotExist when removing a local
   attachment file so that a missing file on disk (broken state from
   failed uploads) no longer blocks deletion of the DB record, allowing
   memos referencing corrupt attachments to be deleted normally.

2. memo_attachment_service.go: add nil guard on GetAttachment result
   before dereferencing it in SetMemoAttachments, preventing a nil
   pointer panic when an attachment UID no longer exists in the DB.
 4 months ago
Johnny c7b48b800f fix: add access control checks for attachments, comments, and reactions 
Security fixes for multiple authorization bypass vulnerabilities:

- GetAttachment: Add visibility check via checkAttachmentAccess helper
- UpdateAttachment: Add ownership check (creator or admin only)
- Fileserver: Require creator/admin auth for unlinked attachments
- ListMemoAttachments: Add memo visibility check
- CreateMemoComment: Add memo visibility check for target memo
- ListMemoReactions: Add memo visibility check
- UpsertMemoReaction: Add memo visibility check

All checks follow the existing pattern used in GetMemo for consistency.
 5 months ago
Johnny 7932f6d0d0
refactor: user auth improvements (#5360) 6 months ago
boojack 21d31e3609
fix(security): implement security review recommendations (#5228) 
Co-authored-by: Claude <noreply@anthropic.com>
 7 months ago
Florian Dewald 769dcd0cf9
fix(security): add missing authorization checks to various services (#5217) 7 months ago
varsnotwars 4eb5b67baf
feat: attachments by id (#5008) 10 months ago
Steven a4920d464b refactor: attachment service part2 1 year ago
Steven bb5809cae4 refactor: attachment service 1 year ago