Skip to content

[release-23.0] backupengine: disallow path traversals via backup MANIFEST on restore (#19470)#19478

Merged
timvaillancourt merged 1 commit intorelease-23.0from
backport-19470-to-release-23.0
Feb 25, 2026
Merged

[release-23.0] backupengine: disallow path traversals via backup MANIFEST on restore (#19470)#19478
timvaillancourt merged 1 commit intorelease-23.0from
backport-19470-to-release-23.0

Conversation

@vitess-bot
Copy link
Contributor

@vitess-bot vitess-bot bot commented Feb 25, 2026

Description

This is a backport of #19470

@vitess-bot
backupengine: disallow path traversals via backup MANIFEST on res…
356e81f 
…tore (#19470)

Signed-off-by: Tim Vaillancourt <tim@timvaillancourt.com>
@vitess-bot vitess-bot bot added Type: Bug Type: Enhancement Logical improvement (somewhere between a bug and feature) Backport This is a backport Component: Backup and Restore Type: Security labels Feb 25, 2026
@github-actions github-actions bot added this to the v23.0.3 milestone Feb 25, 2026
@timvaillancourt timvaillancourt enabled auto-merge (squash) February 25, 2026 19:30
@codecov
Copy link

codecov bot commented Feb 25, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 69.45%. Comparing base (efd17cb) to head (356e81f).
⚠️ Report is 8 commits behind head on release-23.0.

Additional details and impacted files 
@@               Coverage Diff                @@
##           release-23.0   #19478      +/-   ##
================================================
- Coverage         69.73%   69.45%   -0.29%     
================================================
  Files              1606     1606              
  Lines            214854   214897      +43     
================================================
- Hits             149832   149259     -573     
- Misses            65022    65638     +616

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@timvaillancourt timvaillancourt merged commit 479bfb2 into release-23.0 Feb 25, 2026
203 of 216 checks passed
@timvaillancourt timvaillancourt deleted the backport-19470-to-release-23.0 branch February 25, 2026 20:51
timvaillancourt pushed a commit that referenced this pull request Feb 27, 2026
@vitess-bot @timvaillancourt
[release-23.0] backupengine: disallow path traversals via backup `M…
90e1818 
…ANIFEST` on restore (#19470) (#19478)

Signed-off-by: Tim Vaillancourt <tim@timvaillancourt.com>
Co-authored-by: vitess-bot[bot] <108069721+vitess-bot[bot]@users.noreply.github.com>
Signed-off-by: Tim Vaillancourt <tim@timvaillancourt.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@timvaillancourt timvaillancourt timvaillancourt approved these changes

@github-actions github-actions[bot] github-actions[bot] approved these changes

@mattlord mattlord Awaiting requested review from mattlord mattlord is a code owner

@frouioui frouioui Awaiting requested review from frouioui frouioui is a code owner

@arthurschreiber arthurschreiber Awaiting requested review from arthurschreiber

@nickvanw nickvanw Awaiting requested review from nickvanw

Assignees

No one assigned

Labels

Backport This is a backport Component: Backup and Restore Type: Bug Type: Enhancement Logical improvement (somewhere between a bug and feature) Type: Security

Projects

None yet

Milestone

v23.0.3

Development

Successfully merging this pull request may close these issues.

1 participant

@timvaillancourt