Merge requests · Castellum / castellum · GitLab

block inactive users from using the API

!2263 · created Feb 28, 2022 by Bengfort ready for review security
- MERGED
- 0
updated Feb 28, 2022
Allow to use django-axes to prevent brute force attacks on API

!2231 · created Jan 24, 2022 by Bengfort ready for review security
- MERGED
- 0
updated Jan 24, 2022
restrict ExceptionReporter

!2225 · created Jan 18, 2022 by Bengfort security
- MERGED
- 2
updated Jan 24, 2022
ignore fullcalendar polling in AutoLogoutMiddleware

!2166 · created Dec 01, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Dec 07, 2021
fix crash in LegalRepresentativeContactUpdateView

!2153 · created Nov 24, 2021 by Bengfort bug ready for review security
- MERGED
- 0
updated Nov 29, 2021
use UUID instead of ID in legal guardian form

!2074 · created Oct 18, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Oct 18, 2021
consider privacy level in execution appointment feeds

!2071 · created Oct 05, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Oct 05, 2021
fix StudyMixin: avoid leaking study existance in API views

!2070 · created Oct 04, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Nov 24, 2021
prevent adding/removing guardians without global change_subject permission (version 3)

!2048 · created Sep 21, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Sep 21, 2021
require recruit permission for recruitment update views

!2047 · created Sep 21, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Sep 21, 2021
prevent adding/removing guardians without global change_subject permission

!2045 · created Sep 17, 2021 by Bengfort ready for review security
- CLOSED
- 0
updated Sep 21, 2021
allow exportable attributes of any privacy level

!2023 · created Sep 01, 2021 by Bengfort ready for review security
- MERGED
- 1
updated Sep 06, 2021
fix: prevent users from choosing an arbitrary group for filters

!2022 · created Sep 01, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Sep 06, 2021
check user.expiration_date in API

!2019 · created Aug 31, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Sep 06, 2021
do not skip privacy level check on unauthenticated user

!2004 · created Aug 16, 2021 by Bengfort ready for review security
- MERGED
- 0
updated Aug 17, 2021
Monitor pseudonym access

!1985 · created Jul 28, 2021 by Bengfort security
- MERGED
- Approved
- 4
updated Aug 11, 2021
prevent contact data from being included in debug logs

!1975 · created Jul 19, 2021 by Bengfort security
- MERGED
- 2
updated Jul 19, 2021
Expose pseudonym existence

!1971 · created Jul 13, 2021 by Bengfort design security
- CLOSED
- 2
updated Jul 27, 2021
check permission before displaying link to subject detail in guardian item

!1967 · created Jul 13, 2021 by Bengfort design security
- MERGED
- 0
updated Jul 26, 2021
update-deps: django-mfa3 security release

!1950 · created Jul 07, 2021 by Bengfort security
- MERGED
- 0
updated Jul 07, 2021