OIDC: remove auth params from url after login attempt #25664
Merged
SimonBrandner
approved these changes
Jun 27, 2023
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Jul 20, 2023
Contains important security updates.

Changes in [1.11.36](https://github.com/vector-im/element-web/releases/tag/v1.11.36) (2023-07-18)
=================================================================================================

## 🔒 Security

* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65)

## 🦖 Deprecations

* Deprecate customisations in favour of Module API ([\#25736](element-hq/element-web#25736)). Fixes #25733.

## ✨ Features

* OIDC: store initial screen in session storage ([\#25688](element-hq/element-web#25688)). Fixes #25656. Contributed by @kerryarchibald.
* Allow default_server_config as a fallback config ([\#25682](element-hq/element-web#25682)). Contributed by @ShadowRZ.
* OIDC: remove auth params from url after login attempt ([\#25664](element-hq/element-web#25664)). Contributed by @kerryarchibald.
* feat(faq): remove keyboard shortcuts button ([\#9342](matrix-org/matrix-react-sdk#9342)). Fixes #22625. Contributed by @gefgu.
* GYU: Update banner ([\#11211](matrix-org/matrix-react-sdk#11211)). Fixes #25530. Contributed by @justjanne.
* Linkify mxc:// URLs as links to your media repo ([\#11213](matrix-org/matrix-react-sdk#11213)). Fixes #6942.
* OIDC: Log in ([\#11199](matrix-org/matrix-react-sdk#11199)). Fixes #25657. Contributed by @kerryarchibald.
* Handle all permitted url schemes in linkify ([\#11215](matrix-org/matrix-react-sdk#11215)). Fixes #4457 and #8720.
* Autoapprove Element Call oidc requests ([\#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5.
* Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen.
* Expose and pre-populate thread ID in devtools dialog ([\#10953](matrix-org/matrix-react-sdk#10953)).
* Hide URL preview if it will be empty ([\#9029](matrix-org/matrix-react-sdk#9029)).
* Change wording from avatar to profile picture ([\#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist.
* Quick and dirty devtool to explore state history ([\#11197](matrix-org/matrix-react-sdk#11197)).
* Consider more user inputs when calculating zxcvbn score ([\#11180](matrix-org/matrix-react-sdk#11180)).
* GYU: Account Notification Settings ([\#11008](matrix-org/matrix-react-sdk#11008)). Fixes #24567. Contributed by @justjanne.
* Compound Typography pass ([\#11103](matrix-org/matrix-react-sdk#11103)). Fixes #25548.
* OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes #25574. Contributed by @kerryarchibald.

## 🐛 Bug Fixes

* Fix read receipt sending behaviour around thread roots ([\#3600](matrix-org/matrix-js-sdk#3600)).
* Fix missing metaspace notification badges ([\#11269](matrix-org/matrix-react-sdk#11269)). Fixes #25679.
* Make checkboxes less rounded ([\#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam.
* GYU: Fix issues with audible keywords without activated mentions ([\#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne.
* PosthogAnalytics unwatch settings on logout ([\#11207](matrix-org/matrix-react-sdk#11207)). Fixes #25703.
* Avoid trying to set room account data for pinned events as guest ([\#11216](matrix-org/matrix-react-sdk#11216)). Fixes #6300.
* GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne.
* force to allow calls without video and audio in embedded mode ([\#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw.
* Fix room tile text clipping ([\#11196](matrix-org/matrix-react-sdk#11196)). Fixes #25718.
* Handle newlines in user pills ([\#11166](matrix-org/matrix-react-sdk#11166)). Fixes #10994.
* Limit width of user menu in space panel ([\#11192](matrix-org/matrix-react-sdk#11192)). Fixes #22627.
* Add isLocation to ComposerEvent analytics events ([\#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam.
* Fix: hide unsupported login elements ([\#11185](matrix-org/matrix-react-sdk#11185)). Fixes #25711. Contributed by @kerryarchibald.
* Scope smaller font size to user info panel ([\#11178](matrix-org/matrix-react-sdk#11178)). Fixes #25683.
* Apply i18n to strings in the html export ([\#11176](matrix-org/matrix-react-sdk#11176)).
* Inhibit url previews on MXIDs containing slashes same as those without ([\#11160](matrix-org/matrix-react-sdk#11160)).
* Make event info size consistent with state events ([\#11181](matrix-org/matrix-react-sdk#11181)).
* Fix markdown content spacing ([\#11177](matrix-org/matrix-react-sdk#11177)). Fixes #25685.
* Fix font-family definition for emojis ([\#11170](matrix-org/matrix-react-sdk#11170)). Fixes #25686.
* Fix spurious error sending receipt in thread errors ([\#11157](matrix-org/matrix-react-sdk#11157)).
* Consider the empty push rule actions array equiv to deprecated dont_notify ([\#11155](matrix-org/matrix-react-sdk#11155)). Fixes #25674.
* Only trap escape key for cancel reply if there is a reply ([\#11140](matrix-org/matrix-react-sdk#11140)). Fixes #25640.
* Update linkify to 4.1.1 ([\#11132](matrix-org/matrix-react-sdk#11132)). Fixes #23806.

Changes in [1.11.35](https://github.com/vector-im/element-web/releases/tag/v1.11.35) (2023-07-04)
=================================================================================================

## 🦖 Deprecations

* Remove `feature_favourite_messages` as it is has been abandoned for now ([\#11097](matrix-org/matrix-react-sdk#11097)). Fixes #25555.

## ✨ Features

* Don't setup keys on login when encryption is force disabled ([\#11125](matrix-org/matrix-react-sdk#11125)). Contributed by @kerryarchibald.
* OIDC: attempt dynamic client registration ([\#11074](matrix-org/matrix-react-sdk#11074)). Fixes #25468 and #25467. Contributed by @kerryarchibald.
* OIDC: Check static client registration and add login flow ([\#11088](matrix-org/matrix-react-sdk#11088)). Fixes #25467. Contributed by @kerryarchibald.
* Improve message body output from plain text editor ([\#11124](matrix-org/matrix-react-sdk#11124)). Contributed by @alunturner.
* Disable encryption toggle in room settings when force disabled ([\#11122](matrix-org/matrix-react-sdk#11122)). Contributed by @kerryarchibald.
* Add .well-known config option to force disable encryption on room creation ([\#11120](matrix-org/matrix-react-sdk#11120)). Contributed by @kerryarchibald.
* Handle permalinks in room topic ([\#11115](matrix-org/matrix-react-sdk#11115)). Fixes #23395.
* Add at room avatar for RTE ([\#11106](matrix-org/matrix-react-sdk#11106)). Contributed by @alunturner.
* Remove new room breadcrumbs ([\#11104](matrix-org/matrix-react-sdk#11104)).
* Update rich text editor dependency and associated changes ([\#11098](matrix-org/matrix-react-sdk#11098)). Contributed by @alunturner.
* Implement new model, hooks and reconcilation code for new GYU notification settings ([\#11089](matrix-org/matrix-react-sdk#11089)). Contributed by @justjanne.
* Allow maintaining a different right panel width for thread panels ([\#11064](matrix-org/matrix-react-sdk#11064)). Fixes #25487.
* Make AppPermission pane scrollable ([\#10954](matrix-org/matrix-react-sdk#10954)). Fixes #25438 and #25511. Contributed by @luixxiul.
* Integrate compound design tokens ([\#11091](matrix-org/matrix-react-sdk#11091)). Fixes vector-im/internal-planning#450.
* Don't warn about the effects of redacting state events when redacting non-state-events ([\#11071](matrix-org/matrix-react-sdk#11071)). Fixes #8478.
* Allow specifying help URLs in config.json ([\#11070](matrix-org/matrix-react-sdk#11070)). Fixes #15268.

## 🐛 Bug Fixes

* Fix error when generating error for polling for updates ([\#25609](element-hq/element-web#25609)).
* Fix spurious notifications on non-live events ([\#11133](matrix-org/matrix-react-sdk#11133)). Fixes #24336.
* Prevent auto-translation within composer ([\#11114](matrix-org/matrix-react-sdk#11114)). Fixes #25624.
* Fix caret jump when backspacing into empty line at beginning of editor ([\#11128](matrix-org/matrix-react-sdk#11128)). Fixes #22335.
* Fix server picker not allowing you to switch from custom to default ([\#11127](matrix-org/matrix-react-sdk#11127)). Fixes #25650.
* Consider the unthreaded read receipt for Unread dot state ([\#11117](matrix-org/matrix-react-sdk#11117)). Fixes #24229.
* Increase RTE resilience ([\#11111](matrix-org/matrix-react-sdk#11111)). Fixes #25277. Contributed by @alunturner.
* Fix RoomView ignoring alias lookup errors due to them not knowing the roomId ([\#11099](matrix-org/matrix-react-sdk#11099)). Fixes #24783 and #25562.
* Fix style inconsistencies on SecureBackupPanel ([\#11102](matrix-org/matrix-react-sdk#11102)). Fixes #25615. Contributed by @luixxiul.
* Remove unknown MXIDs from invite suggestions ([\#11055](matrix-org/matrix-react-sdk#11055)). Fixes #25446.
* Reduce volume of ring sounds to normalised levels ([\#9143](matrix-org/matrix-react-sdk#9143)). Contributed by @JMoVS.
* Fix slash commands not being enabled in certain cases ([\#11090](matrix-org/matrix-react-sdk#11090)). Fixes #25572.
* Prevent escape in threads from sending focus to main timeline composer ([\#11061](matrix-org/matrix-react-sdk#11061)). Fixes #23397.
su-ex
added a commit
to SchildiChat/element-desktop
that referenced
this pull request
Feb 24, 2024
* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65)
* Deprecate customisations in favour of Module API ([\#25736](element-hq/element-web#25736)). Fixes element-hq/element-web#25733.
* OIDC: store initial screen in session storage ([\#25688](element-hq/element-web#25688)). Fixes element-hq/element-web#25656. Contributed by @kerryarchibald.
* Allow default_server_config as a fallback config ([\#25682](element-hq/element-web#25682)). Contributed by @ShadowRZ.
* OIDC: remove auth params from url after login attempt ([\#25664](element-hq/element-web#25664)). Contributed by @kerryarchibald.
* feat(faq): remove keyboard shortcuts button ([\#9342](matrix-org/matrix-react-sdk#9342)). Fixes element-hq/element-web#22625. Contributed by @gefgu.
* GYU: Update banner ([\#11211](matrix-org/matrix-react-sdk#11211)). Fixes element-hq/element-web#25530. Contributed by @justjanne.
* Linkify mxc:// URLs as links to your media repo ([\#11213](matrix-org/matrix-react-sdk#11213)). Fixes element-hq/element-web#6942.
* OIDC: Log in ([\#11199](matrix-org/matrix-react-sdk#11199)). Fixes element-hq/element-web#25657. Contributed by @kerryarchibald.
* Handle all permitted url schemes in linkify ([\#11215](matrix-org/matrix-react-sdk#11215)). Fixes element-hq/element-web#4457 and element-hq/element-web#8720.
* Autoapprove Element Call oidc requests ([\#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5.
* Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen.
* Expose and pre-populate thread ID in devtools dialog ([\#10953](matrix-org/matrix-react-sdk#10953)).
* Hide URL preview if it will be empty ([\#9029](matrix-org/matrix-react-sdk#9029)).
* Change wording from avatar to profile picture ([\#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist.
* Quick and dirty devtool to explore state history ([\#11197](matrix-org/matrix-react-sdk#11197)).
* Consider more user inputs when calculating zxcvbn score ([\#11180](matrix-org/matrix-react-sdk#11180)).
* GYU: Account Notification Settings ([\#11008](matrix-org/matrix-react-sdk#11008)). Fixes element-hq/element-web#24567. Contributed by @justjanne.
* Compound Typography pass ([\#11103](matrix-org/matrix-react-sdk#11103)). Fixes element-hq/element-web#25548.
* OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes element-hq/element-web#25574. Contributed by @kerryarchibald.
* Fix read receipt sending behaviour around thread roots ([\#3600](matrix-org/matrix-js-sdk#3600)).
* Fix missing metaspace notification badges ([\#11269](matrix-org/matrix-react-sdk#11269)). Fixes element-hq/element-web#25679.
* Make checkboxes less rounded ([\#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam.
* GYU: Fix issues with audible keywords without activated mentions ([\#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne.
* PosthogAnalytics unwatch settings on logout ([\#11207](matrix-org/matrix-react-sdk#11207)). Fixes element-hq/element-web#25703.
* Avoid trying to set room account data for pinned events as guest ([\#11216](matrix-org/matrix-react-sdk#11216)). Fixes element-hq/element-web#6300.
* GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne.
* force to allow calls without video and audio in embedded mode ([\#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw.
* Fix room tile text clipping ([\#11196](matrix-org/matrix-react-sdk#11196)). Fixes element-hq/element-web#25718.
* Handle newlines in user pills ([\#11166](matrix-org/matrix-react-sdk#11166)). Fixes element-hq/element-web#10994.
* Limit width of user menu in space panel ([\#11192](matrix-org/matrix-react-sdk#11192)). Fixes element-hq/element-web#22627.
* Add isLocation to ComposerEvent analytics events ([\#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam.
* Fix: hide unsupported login elements ([\#11185](matrix-org/matrix-react-sdk#11185)). Fixes element-hq/element-web#25711. Contributed by @kerryarchibald.
* Scope smaller font size to user info panel ([\#11178](matrix-org/matrix-react-sdk#11178)). Fixes element-hq/element-web#25683.
* Apply i18n to strings in the html export ([\#11176](matrix-org/matrix-react-sdk#11176)).
* Inhibit url previews on MXIDs containing slashes same as those without ([\#11160](matrix-org/matrix-react-sdk#11160)).
* Make event info size consistent with state events ([\#11181](matrix-org/matrix-react-sdk#11181)).
* Fix markdown content spacing ([\#11177](matrix-org/matrix-react-sdk#11177)). Fixes element-hq/element-web#25685.
* Fix font-family definition for emojis ([\#11170](matrix-org/matrix-react-sdk#11170)). Fixes element-hq/element-web#25686.
* Fix spurious error sending receipt in thread errors ([\#11157](matrix-org/matrix-react-sdk#11157)).
* Consider the empty push rule actions array equiv to deprecated dont_notify ([\#11155](matrix-org/matrix-react-sdk#11155)). Fixes element-hq/element-web#25674.
* Only trap escape key for cancel reply if there is a reply ([\#11140](matrix-org/matrix-react-sdk#11140)). Fixes element-hq/element-web#25640.
* Update linkify to 4.1.1 ([\#11132](matrix-org/matrix-react-sdk#11132)). Fixes element-hq/element-web#23806.
su-ex
added a commit
to SchildiChat/element-web
that referenced
this pull request
Feb 24, 2024
* Fixes for [CVE-2023-37259](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=CVE-2023-37259) / [GHSA-c9vx-2g7w-rp65](GHSA-c9vx-2g7w-rp65)
* Deprecate customisations in favour of Module API ([\element-hq#25736](element-hq#25736)). Fixes element-hq#25733.
* OIDC: store initial screen in session storage ([\element-hq#25688](element-hq#25688)). Fixes element-hq#25656. Contributed by @kerryarchibald.
* Allow default_server_config as a fallback config ([\element-hq#25682](element-hq#25682)). Contributed by @ShadowRZ.
* OIDC: remove auth params from url after login attempt ([\element-hq#25664](element-hq#25664)). Contributed by @kerryarchibald.
* feat(faq): remove keyboard shortcuts button ([\element-hq#9342](matrix-org/matrix-react-sdk#9342)). Fixes element-hq#22625. Contributed by @gefgu.
* GYU: Update banner ([\element-hq#11211](matrix-org/matrix-react-sdk#11211)). Fixes element-hq#25530. Contributed by @justjanne.
* Linkify mxc:// URLs as links to your media repo ([\element-hq#11213](matrix-org/matrix-react-sdk#11213)). Fixes element-hq#6942.
* OIDC: Log in ([\element-hq#11199](matrix-org/matrix-react-sdk#11199)). Fixes element-hq#25657. Contributed by @kerryarchibald.
* Handle all permitted url schemes in linkify ([\element-hq#11215](matrix-org/matrix-react-sdk#11215)). Fixes element-hq#4457 and element-hq#8720.
* Autoapprove Element Call oidc requests ([\element-hq#11209](matrix-org/matrix-react-sdk#11209)). Contributed by @toger5.
* Allow creating knock rooms ([\#11182](matrix-org/matrix-react-sdk#11182)). Contributed by @charlynguyen.
* Expose and pre-populate thread ID in devtools dialog ([\element-hq#10953](matrix-org/matrix-react-sdk#10953)).
* Hide URL preview if it will be empty ([\element-hq#9029](matrix-org/matrix-react-sdk#9029)).
* Change wording from avatar to profile picture ([\element-hq#7015](matrix-org/matrix-react-sdk#7015)). Fixes element-hq/element-meta#1331. Contributed by @aaronraimist.
* Quick and dirty devtool to explore state history ([\element-hq#11197](matrix-org/matrix-react-sdk#11197)).
* Consider more user inputs when calculating zxcvbn score ([\element-hq#11180](matrix-org/matrix-react-sdk#11180)).
* GYU: Account Notification Settings ([\element-hq#11008](matrix-org/matrix-react-sdk#11008)). Fixes element-hq#24567. Contributed by @justjanne.
* Compound Typography pass ([\element-hq#11103](matrix-org/matrix-react-sdk#11103)). Fixes element-hq#25548.
* OIDC: navigate to authorization endpoint ([\#11096](matrix-org/matrix-react-sdk#11096)). Fixes element-hq#25574. Contributed by @kerryarchibald.
* Fix read receipt sending behaviour around thread roots ([\element-hq#3600](matrix-org/matrix-js-sdk#3600)).
* Fix missing metaspace notification badges ([\element-hq#11269](matrix-org/matrix-react-sdk#11269)). Fixes element-hq#25679.
* Make checkboxes less rounded ([\element-hq#11224](matrix-org/matrix-react-sdk#11224)). Contributed by @andybalaam.
* GYU: Fix issues with audible keywords without activated mentions ([\element-hq#11218](matrix-org/matrix-react-sdk#11218)). Contributed by @justjanne.
* PosthogAnalytics unwatch settings on logout ([\element-hq#11207](matrix-org/matrix-react-sdk#11207)). Fixes element-hq#25703.
* Avoid trying to set room account data for pinned events as guest ([\element-hq#11216](matrix-org/matrix-react-sdk#11216)). Fixes element-hq#6300.
* GYU: Disable sound for DMs checkbox when DM notifications are disabled ([\element-hq#11210](matrix-org/matrix-react-sdk#11210)). Contributed by @justjanne.
* force to allow calls without video and audio in embedded mode ([\element-hq#11131](matrix-org/matrix-react-sdk#11131)). Contributed by @EnricoSchw.
* Fix room tile text clipping ([\element-hq#11196](matrix-org/matrix-react-sdk#11196)). Fixes element-hq#25718.
* Handle newlines in user pills ([\element-hq#11166](matrix-org/matrix-react-sdk#11166)). Fixes element-hq#10994.
* Limit width of user menu in space panel ([\element-hq#11192](matrix-org/matrix-react-sdk#11192)). Fixes element-hq#22627.
* Add isLocation to ComposerEvent analytics events ([\element-hq#11187](matrix-org/matrix-react-sdk#11187)). Contributed by @andybalaam.
* Fix: hide unsupported login elements ([\element-hq#11185](matrix-org/matrix-react-sdk#11185)). Fixes element-hq#25711. Contributed by @kerryarchibald.
* Scope smaller font size to user info panel ([\element-hq#11178](matrix-org/matrix-react-sdk#11178)). Fixes element-hq#25683.
* Apply i18n to strings in the html export ([\element-hq#11176](matrix-org/matrix-react-sdk#11176)).
* Inhibit url previews on MXIDs containing slashes same as those without ([\element-hq#11160](matrix-org/matrix-react-sdk#11160)).
* Make event info size consistent with state events ([\element-hq#11181](matrix-org/matrix-react-sdk#11181)).
* Fix markdown content spacing ([\element-hq#11177](matrix-org/matrix-react-sdk#11177)). Fixes element-hq#25685.
* Fix font-family definition for emojis ([\element-hq#11170](matrix-org/matrix-react-sdk#11170)). Fixes element-hq#25686.
* Fix spurious error sending receipt in thread errors ([\element-hq#11157](matrix-org/matrix-react-sdk#11157)).
* Consider the empty push rule actions array equiv to deprecated dont_notify ([\element-hq#11155](matrix-org/matrix-react-sdk#11155)). Fixes element-hq#25674.
* Only trap escape key for cancel reply if there is a reply ([\element-hq#11140](matrix-org/matrix-react-sdk#11140)). Fixes element-hq#25640.
* Update linkify to 4.1.1 ([\element-hq#11132](matrix-org/matrix-react-sdk#11132)). Fixes element-hq#23806.
For #25657
Checklist
Here's what your changelog entry will look like:
✨ Features