Ghost/ghost
Ronald Langeveld 0029c444ad
Added test email rate limiting (#17505)
refs https://github.com/TryGhost/Product/issues/3651

- This is a security fix that addresses an issue causing malicious users
to abuse the test / preview email API endpoint.
- We have multiple procedures in place now to limit such users.
- First, we now only allow one email address to be passed into the
`sendTestEmail` method. This method only has one purpose, which is to
complement the test email functionality within the Editor in Admin and
therefore has no reason to send to more than one email address at a
time.
- We then add an additional rate limiter to prevent a user from making
multiple requests, e.g. via a script.
- The new imposed limit is 10 test emails per hour.
2023-07-27 08:46:50 +02:00
..
adapter-cache-memory-ttl
adapter-cache-redis
adapter-manager
admin Updated gscan (#17507) 2023-07-26 13:06:23 +00:00
announcement-bar-settings
api-framework
api-version-compatibility-service
audience-feedback
bootstrap-socket
collections Added TagDeletedEvent 2023-07-26 12:54:42 +02:00
constants
core Added test email rate limiting (#17505) 2023-07-27 08:46:50 +02:00
custom-theme-settings-service
data-generator
domain-events
dynamic-routing-events
email-analytics-provider-mailgun
email-analytics-service
email-content-generator
email-events
email-service Added test email rate limiting (#17505) 2023-07-27 08:46:50 +02:00
email-suppression-list
event-aware-cache-wrapper
express-dynamic-redirects
external-media-inliner
extract-api-key
html-to-plaintext
i18n Deduplicated ts-node and typescript dependencies 2023-07-24 16:21:47 +02:00
importer-handler-content-files
importer-revue Pinned dependencies 2023-07-24 16:21:47 +02:00
in-memory-repository Switched TypeScript eslint config to custom plugin 2023-07-25 16:12:35 +02:00
job-manager
link-redirects
link-replacer Pinned dependencies 2023-07-24 16:21:47 +02:00
link-tracking
magic-link Update dependency @types/nodemailer to v6.4.9 2023-07-25 15:50:24 +02:00
mail-events Switched TypeScript eslint config to custom plugin 2023-07-25 16:12:35 +02:00
mailgun-client
member-attribution
member-events
members-api Pinned dependencies 2023-07-24 16:21:47 +02:00
members-csv Added import tier to members import modal (#17492) 2023-07-26 09:19:09 +01:00
members-events-service
members-importer Added import tier to members import modal (#17492) 2023-07-26 09:19:09 +01:00
members-ssr
mentions-email-report
milestones
minifier Update dependency terser to v5.19.2 2023-07-24 11:01:06 +00:00
model-to-domain-event-interceptor Mapped tag.deleted event to TagDeletedEvent 2023-07-26 12:54:42 +02:00
mw-api-version-mismatch
mw-cache-control
mw-error-handler
mw-session-from-token
mw-update-user-last-seen
mw-version-match
mw-vhost
nql-filter-expansions Switched TypeScript eslint config to custom plugin 2023-07-25 16:12:35 +02:00
oembed-service
offers
package-json
payments
post-revisions Switched TypeScript eslint config to custom plugin 2023-07-25 16:12:35 +02:00
posts-service Fixed unpublished collection posts filtering 2023-07-26 16:45:57 +08:00
referrers
security
session-service
settings-path-manager
slack-notifications
staff-service
stats-service
stripe
tiers
update-check-service
verification-trigger
version-notifications-data-service
webmentions
tsconfig.json Removed jest from tsconfig types array 2023-07-21 14:50:52 +02:00