-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add bruteforce protection in OauthApiController #38773
Conversation
dba26cb
to
fca8446
Compare
/backport to stable27 |
/backport to stable26 |
/backport to stable25 |
/backport to stable24 |
/rebase |
fca8446
to
96a850b
Compare
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
96a850b
to
629adc3
Compare
The backport to stable26 failed. Please do this backport manually. # Switch to the target branch and update it
git checkout stable26
git pull origin stable26
# Create the new backport branch
git checkout -b fix/foo-stable26
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable26 More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport |
The backport to stable24 failed. Please do this backport manually. # Switch to the target branch and update it
git checkout stable24
git pull origin stable24
# Create the new backport branch
git checkout -b fix/foo-stable24
# Cherry pick the change from the commit sha1 of the change against the default branch
# This might cause conflicts. Resolve them.
git cherry-pick abc123
# Push the cherry pick commit to the remote repository and open a pull request
git push origin fix/foo-stable24 More info at https://docs.nextcloud.com/server/latest/developer_manual/getting_started/development_process.html#manual-backport |
Backport for stable26 will be easier after #38708 is merged. @AndyScherzinger Do we really have to backport to stable24? |
yes |
As stated by Joas: yes, we do have support cohorts defined based on the severity of a sec issue the number of years we need to backport the fix is defined - which is why I initially added all the backport commands right away |
/backport to stable26 |
Client secrets are long so bruteforce attacks are not likely to be effective but still.