path: root/VERSION
Age | Commit message | Author | Files | Lines
2025-04-10 | v1.16.0 (#244) (tag: v1.16.0) | Xe Iaso | 1 | -1/+1
* v1.16.0
  Signed-off-by: Xe Iaso <me@xeiaso.net>
* update packaging docs
  Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-31 | lib/anubis: actually check the result with the correct difficulty (#180) | Henri Vasserman | 1 | -1/+1
* cmd/anubis actually check the result with the correct difficulty
* chore: changelog
* test(cmd/anubis): make test check for difficulty
* lib: add regression test for CVE-2025-24369
  Signed-off-by: Xe Iaso <me@xeiaso.net>
* bump VERSION and CHANGELOG
  Tracks #181
  Signed-off-by: Xe Iaso <me@xeiaso.net>
---------
Signed-off-by: Xe Iaso <me@xeiaso.net>
Co-authored-by: Xe Iaso <me@xeiaso.net>
2025-03-27 | version 1.15.0 (#144) (tag: v1.15.0) | Xe Iaso | 1 | -1/+1
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-21 | cmd/anubis: delete example RSS reader rule (#67) (tag: v1.14.2) | Xe Iaso | 1 | -1/+1
The example/default bot policy document had a rule to allow RSS readers through based on paths that end with ".rss", ".xml", ".atom", or ".json". Frameworks like Rails will treat these specially, meaning that going to /things/12345-whateverhaha.json could bypass Anubis.
I checked the history of this rule and it was present in the original example policy file in Xe/x. This rule is likely a mistake and it has been removed. I think it was for making my blog still work with RSS readers.
Thanks to Graham Sutherland for reporting this over email.
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-21 | cmd/anubis: set X-Real-Ip based on X-Forwarded-For (#63) (tag: v1.14.1) | Xe Iaso | 1 | -1/+1
This triggers a SHAME release[0].
[0]: https://pridever.org/
2025-03-21 | stage v1.14.0 (#59) (tag: v1.14.0) | Xe Iaso | 1 | -1/+1
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-20 | v1.13.0 (tag: v1.13.0) | Xe Iaso | 1 | -1/+1
Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-03-19 | version 1.12.1 (tag: v1.12.1) | Xe Iaso | 1 | -0/+1
Signed-off-by: Xe Iaso <me@xeiaso.net>