svc-admin01/snipe-it
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
22,948 Commits 118 Branches 300 Tags
security-fixes
Commit Graph

22948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
snipe c25d56ea85 Refactored licenses controller to use a pessimistic lock inside a transaction 2026-05-26 14:24:02 +01:00
snipe f92a9a6cc6 Made isFullMultipleCompanySupportEnabled a public method 2026-05-26 14:23:32 +01:00
snipe 988729fbeb Skip user records if user exists in another company if FMCS is enabled 2026-05-26 13:36:02 +01:00
snipe e00f7b5b67 Added tests 2026-05-26 13:31:33 +01:00
snipe 39fbe98313 Fixed overwriting ownership of import 2026-05-26 13:11:30 +01:00
snipe 46d5234fd7 Throttle TOTP requests 2026-05-26 13:04:26 +01:00
snipe dd4117bd5b Tighter guard on user imports auth fields if the user is authenticated (aka not run via cli) 2026-05-26 12:56:10 +01:00
snipe 4dcd5190df Merge pull request #19025 from grokability/move-api-singletons-into-middleware 
Move API singletons from SettingServiceProvider into middleware
 2026-05-26 12:07:03 +01:00
snipe 48728e83b2 Merge pull request #19051 from grokability/_multi-company-support 
Allow user to be a member of multiple companies
 2026-05-26 12:03:24 +01:00
snipe 087b895bba Merge branch 'develop' into _multi-company-support 
# Conflicts:
#	app/Http/Controllers/Users/BulkUsersController.php
#	app/Presenters/LicensePresenter.php
#	public/js/dist/all.js
#	public/js/dist/all.js.map
#	public/mix-manifest.json
 2026-05-26 11:53:48 +01:00
snipe 2ed28f7f7a Dev manifest 2026-05-26 11:48:34 +01:00
snipe 9f50328da2 Merge hell :( 2026-05-26 11:48:15 +01:00
snipe 3737b34913 Back-patch security fixes 2026-05-26 11:36:29 +01:00
snipe aa0eb24e80 Fixed merge mess 2026-05-26 11:15:30 +01:00
snipe 9d012dd06d WTF 2026-05-26 11:14:27 +01:00
snipe df28c80553 Dev assets 2026-05-26 11:03:55 +01:00
snipe 2a3a3f7818 Disallow ldap_import and activated in bulk editing users if user doesn’t have permission 2026-05-26 11:03:55 +01:00
snipe 15cb7993f6 Moved password visibility toggle to snipeit.js 2026-05-26 11:03:55 +01:00
snipe 15529a0c9c Bulk checkin license seats 2026-05-26 11:03:55 +01:00
snipe d2c30dd08c Dev assets 2026-05-26 11:03:55 +01:00
snipe 972b27140a Updated assets 2026-05-26 11:03:55 +01:00
snipe cac13dd949 Dev assets 2026-05-26 11:03:55 +01:00
snipe 112bf498e6 Disallow ldap_import and activated in bulk editing users if user doesn’t have permission 2026-05-26 11:03:55 +01:00
snipe 02488a62c1 Updated controllers 2026-05-26 11:03:55 +01:00
snipe f5313f6ec0 Updated dev assets 2026-05-26 11:03:55 +01:00
snipe 3206549170 Moved password visibility toggle to snipeit.js 2026-05-26 11:03:48 +01:00
snipe 59b621500f Bulk checkin license seats 2026-05-26 11:03:40 +01:00
snipe cd5716d66d Fixed FD-54447 - superuser on user bulk edit check for groups 2026-05-26 11:03:07 +01:00
snipe 6a68a38d71 Dev assets 2026-05-26 11:02:44 +01:00
snipe f23ea5ce8f Disallow ldap_import and activated in bulk editing users if user doesn’t have permission 2026-05-26 11:02:35 +01:00
snipe c893b69b5f Fixed merge conflict 2026-05-26 10:52:04 +01:00
snipe 269e6c4ef6 Dev assets *again* 2026-05-26 10:49:32 +01:00
snipe a0ab9d3a80 Updated dev assets 2026-05-26 10:49:06 +01:00
snipe cdd72cf372 Dev assets 2026-05-26 10:49:05 +01:00
snipe e38b8cdd68 Disallow ldap_import and activated in bulk editing users if user doesn’t have permission 2026-05-26 10:49:05 +01:00
snipe c44cb23dea Updated JS to add the array endpoint for company_ids (plural) 2026-05-26 10:49:05 +01:00
snipe 84bdfa98d1 Updated dev assets 2026-05-26 10:49:05 +01:00
snipe f3055e7442 Moved password visibility toggle to snipeit.js 2026-05-26 10:48:54 +01:00
snipe 9c36ade1e2 Bulk checkin license seats 2026-05-26 10:48:44 +01:00
snipe 4127c6a0c0 Fixed FD-54447 - superuser on user bulk edit check for groups 2026-05-26 10:48:24 +01:00
snipe c133c869ae Dev assets 2026-05-26 10:47:48 +01:00
snipe d74197aacc Disallow ldap_import and activated in bulk editing users if user doesn’t have permission 2026-05-26 10:47:40 +01:00
snipe c870dd0dae Updated assets 2026-05-26 10:41:48 +01:00
snipe 6d1d89105d Updated JS to add the array endpoint for company_ids (plural) 2026-05-26 10:41:30 +01:00
snipe f3a4f5edaa Allow query string or parameter for byserial 2026-05-26 10:41:23 +01:00
snipe 8f61d1e729 Add @CybotTM as a contributor 2026-05-26 10:41:23 +01:00
Sebastian Mendel 4782734ed4 Fix dead QUEUE_DRIVER env var name in templates and test config 
`config/queue.php` reads `env('QUEUE_CONNECTION', 'sync')` since the
Laravel Shift in v6.0.0 (commit cc3c59bf97), but seven .env templates
and phpunit.xml still set `QUEUE_DRIVER` — the old Laravel <5.7 name
that the framework no longer reads. The default is `sync` anyway so
the gap is silent; but anyone copying these templates and trying to
enable an async driver (redis, database, beanstalkd, sqs) finds their
setting silently ignored.

Rename across:
- .env.example
- .env.docker
- .env.dev.docker
- .env.dusk.example
- docker/docker-secrets.env
- docker/docker.env
- phpunit.xml (XML <env> tag)

No code change. Default value `sync` preserved everywhere.

---
Disclosure: drafted with a coding agent's help.

Signed-off-by: Sebastian Mendel <info@sebastianmendel.de>
 2026-05-26 10:41:23 +01:00
chrisnox a9d65f7e81 Update README.md 2026-05-26 10:41:22 +01:00
chrisnox e59f5d92a4 Update README.md 2026-05-26 10:41:22 +01:00
snipe 93576fc435 Include table prefixes on OAuth Clients 2026-05-26 10:41:22 +01:00