fix(web-pkg): creating biased random numbers from a cryptographically secure source #12575
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This comment was marked as outdated.
This comment was marked as outdated.
|
|
|
Hello @odaysec, thank you for the contribution! Two small things. The CI lint pipeline is broken due to formatting. Also, we would kindly ask you to provide a changelog item https://github.com/owncloud/web/blob/master/changelog/README.md#create-changelog-items |
|
@odaysec I pushed a commit into this PR taking care of those two issues so that we can get it merged. |
style: apply formatting
LukasHirt
changed the title
LukasHirt
approved these changes
Jun 17, 2025
|
spiceratops
added a commit
to spiceratops/k8s-gitops
that referenced
this pull request
Jul 15, 2025
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [docker.io/owncloud/ocis](https://redirect.github.com/owncloud/ocis) | minor | `7.1.3` -> `7.2.0` | --- ### Release Notes <details> <summary>owncloud/ocis (docker.io/owncloud/ocis)</summary> ### [`v7.2.0`](https://redirect.github.com/owncloud/ocis/releases/tag/v7.2.0): 7.2.0 [Compare Source](https://redirect.github.com/owncloud/ocis/compare/v7.1.3...v7.2.0) ##### Table of Contents - [Changelog for 7.2.0](#changelog-for-720-2025-07-14) ##### Changes in 7.2.0 ##### Summary - Bugfix - Fix the OCM role editor: [#​11071](https://redirect.github.com/owncloud/ocis/pull/11071) - Bugfix - Fix the SpaceMembershipExpired event: [#​11078](https://redirect.github.com/owncloud/ocis/pull/11078) - Bugfix - Fix the OCM role file editor: [#​11093](https://redirect.github.com/owncloud/ocis/pull/11093) - Bugfix - Fix the parent-id for the share-jail root: [#​11101](https://redirect.github.com/owncloud/ocis/pull/11101) - Bugfix - Adjust the capabilities according to full text search config: [#​11111](https://redirect.github.com/owncloud/ocis/pull/11111) - Bugfix - Fix app-auth: [#​11123](https://redirect.github.com/owncloud/ocis/pull/11123) - Bugfix - Fix the SpaceMembershipExpired duplicate event: [#​11127](https://redirect.github.com/owncloud/ocis/pull/11127) - Bugfix - Fix migrate rebuild-jsoncs3-indexes cli: [#​11145](https://redirect.github.com/owncloud/ocis/pull/11145) - Bugfix - OCM Share Notifications: [#​11162](https://redirect.github.com/owncloud/ocis/pull/11162) - Bugfix - Fix pdf form creation: [#​11163](https://redirect.github.com/owncloud/ocis/pull/11163) - Bugfix - Fix app-auth, REST status code: [#​11190](https://redirect.github.com/owncloud/ocis/pull/11190) - Bugfix - Fix error on listing space members: [#​11245](https://redirect.github.com/owncloud/ocis/pull/11245) - Bugfix - Fix the graceful shutdown: [#​11295](https://redirect.github.com/owncloud/ocis/pull/11295) - Bugfix - Fix the reva log interceptor: [#​11348](https://redirect.github.com/owncloud/ocis/pull/11348) - Bugfix - Fix panic while traversing the service list: [#​11390](https://redirect.github.com/owncloud/ocis/pull/11390) - Bugfix - Fix the OCM role editor: [#​11484](https://redirect.github.com/owncloud/ocis/pull/11484) - Bugfix - Fix storage-users cli: [#​11490](https://redirect.github.com/owncloud/ocis/pull/11490) - Bugfix - Clean up unified roles label: [#​11494](https://redirect.github.com/owncloud/ocis/pull/11494) - Change - Remove deprecated FRONTEND\_OCS\_\*: [#​11333](https://redirect.github.com/owncloud/ocis/pull/11333) - Change - Remove deprecated CLIENTLOG\_REVA\_GATEWAY: [#​11372](https://redirect.github.com/owncloud/ocis/pull/11372) - Enhancement - Update Mockery to 2.52.3: [#​11070](https://redirect.github.com/owncloud/ocis/pull/11070) - Enhancement - Improve postprocessing logs: [#​11108](https://redirect.github.com/owncloud/ocis/pull/11108) - Enhancement - Improve graph space management logs: [#​11115](https://redirect.github.com/owncloud/ocis/pull/11115) - Enhancement - Delete notification by ID: [#​11203](https://redirect.github.com/owncloud/ocis/pull/11203) - Enhancement - CLI, storage-users uploads delete-stale-nodes: [#​11216](https://redirect.github.com/owncloud/ocis/pull/11216) - Enhancement - Allow setting driveid through graph API: [#​11256](https://redirect.github.com/owncloud/ocis/pull/11256) - Enhancement - More secure Microsoft 365 collaboration: [#​11276](https://redirect.github.com/owncloud/ocis/pull/11276) - Enhancement - Claim managed spaces: [#​11280](https://redirect.github.com/owncloud/ocis/pull/11280) - Enhancement - Bump Reva: [#​11283](https://redirect.github.com/owncloud/ocis/pull/11283) - Enhancement - Update ocis\_full deployment example images: [#​11319](https://redirect.github.com/owncloud/ocis/pull/11319) - Enhancement - Bump Web to 11.3.2: [#​11330](https://redirect.github.com/owncloud/ocis/pull/11330) - Enhancement - Add capability for server managed spaces: [#​11332](https://redirect.github.com/owncloud/ocis/pull/11332) - Enhancement - Harden office deployment process: [#​11339](https://redirect.github.com/owncloud/ocis/pull/11339) - Enhancement - Add SpaceEditorWithoutTrashbin Role: [#​11391](https://redirect.github.com/owncloud/ocis/pull/11391) - Enhancement - Improve cookies security: [#​11413](https://redirect.github.com/owncloud/ocis/pull/11413) - Enhancement - Bump Web to 12.0.0: [#​11420](https://redirect.github.com/owncloud/ocis/pull/11420) - Enhancement - Bump Web to 12.0.1: [#​11420](https://redirect.github.com/owncloud/ocis/pull/11420) - Enhancement - Remove deprecated envvars: [#​11430](https://redirect.github.com/owncloud/ocis/pull/11430) - Enhancement - Update Bleve to v2.5.2: [#​11441](https://redirect.github.com/owncloud/ocis/pull/11441) - Enhancement - Bump Web to 12.0.2: [#​11444](https://redirect.github.com/owncloud/ocis/pull/11444) ##### Details - Bugfix - Fix the OCM role editor: [#​11071](https://redirect.github.com/owncloud/ocis/pull/11071) Fix the OCM role editor permission set. The redundant permissions have been removed. [https://github.com/owncloud/ocis/issues/11054](https://redirect.github.com/owncloud/ocis/issues/11054) [https://github.com/owncloud/ocis/pull/11071](https://redirect.github.com/owncloud/ocis/pull/11071)71 - Bugfix - Fix the SpaceMembershipExpired event: [#​11078](https://redirect.github.com/owncloud/ocis/pull/11078) We fixed the SpaceMembershipExpired event emitting. [https://github.com/owncloud/ocis/issues/10882](https://redirect.github.com/owncloud/ocis/issues/10882) [https://github.com/owncloud/ocis/pull/11078](https://redirect.github.com/owncloud/ocis/pull/11078)78 - Bugfix - Fix the OCM role file editor: [#​11093](https://redirect.github.com/owncloud/ocis/pull/11093) Fix the OCM role file editor permission set. The redundant permissions have been removed. [https://github.com/owncloud/ocis/issues/11054](https://redirect.github.com/owncloud/ocis/issues/11054) [https://github.com/owncloud/ocis/pull/11093](https://redirect.github.com/owncloud/ocis/pull/11093)93 - Bugfix - Fix the parent-id for the share-jail root: [#​11101](https://redirect.github.com/owncloud/ocis/pull/11101) Fix the parent-id for the share-jail root. [https://github.com/owncloud/ocis/issues/10917](https://redirect.github.com/owncloud/ocis/issues/10917) [https://github.com/owncloud/ocis/pull/11101](https://redirect.github.com/owncloud/ocis/pull/11101)01 - Bugfix - Adjust the capabilities according to full text search config: [#​11111](https://redirect.github.com/owncloud/ocis/pull/11111) Adjust the capabilities according to full text search configurations. [https://github.com/owncloud/ocis/issues/11059](https://redirect.github.com/owncloud/ocis/issues/11059) [https://github.com/owncloud/ocis/pull/11111](https://redirect.github.com/owncloud/ocis/pull/11111)11 - Bugfix - Fix app-auth: [#​11123](https://redirect.github.com/owncloud/ocis/pull/11123) Allow the app-auth announce `www-authenticate: basic` header. [https://github.com/owncloud/ocis/issues/11113](https://redirect.github.com/owncloud/ocis/issues/11113) [https://github.com/owncloud/ocis/pull/11123](https://redirect.github.com/owncloud/ocis/pull/11123)23 - Bugfix - Fix the SpaceMembershipExpired duplicate event: [#​11127](https://redirect.github.com/owncloud/ocis/pull/11127) We fixed the SpaceMembershipExpired event duplication issue. [https://github.com/owncloud/ocis/issues/10966](https://redirect.github.com/owncloud/ocis/issues/10966) [https://github.com/owncloud/ocis/pull/11127](https://redirect.github.com/owncloud/ocis/pull/11127)27 - Bugfix - Fix migrate rebuild-jsoncs3-indexes cli: [#​11145](https://redirect.github.com/owncloud/ocis/pull/11145) Fix migrate rebuild-jsoncs3-indexes cli [https://github.com/owncloud/ocis/issues/11145](https://redirect.github.com/owncloud/ocis/issues/11145) [https://github.com/owncloud/ocis/pull/11145](https://redirect.github.com/owncloud/ocis/pull/11145)45 - Bugfix - OCM Share Notifications: [#​11162](https://redirect.github.com/owncloud/ocis/pull/11162) Fix no OCM sharing notifications, now share and unshare notifications are created [https://github.com/owncloud/ocis/issues/11042](https://redirect.github.com/owncloud/ocis/issues/11042) [https://github.com/owncloud/ocis/pull/11162](https://redirect.github.com/owncloud/ocis/pull/11162)62 - Bugfix - Fix pdf form creation: [#​11163](https://redirect.github.com/owncloud/ocis/pull/11163) Fix pdf form creation for Onlyoffice. Adjust the file extension for Form to be PDF instead of DOCXF [https://github.com/owncloud/ocis/issues/11164](https://redirect.github.com/owncloud/ocis/issues/11164) [https://github.com/owncloud/ocis/pull/11163](https://redirect.github.com/owncloud/ocis/pull/11163)63 - Bugfix - Fix app-auth, REST status code: [#​11190](https://redirect.github.com/owncloud/ocis/pull/11190) Now app-auth REST returns status code 404 when creating token for non-existent user (Impersonation) [https://github.com/owncloud/ocis/issues/10815](https://redirect.github.com/owncloud/ocis/issues/10815) [https://github.com/owncloud/ocis/pull/11190](https://redirect.github.com/owncloud/ocis/pull/11190)90 - Bugfix - Fix error on listing space members: [#​11245](https://redirect.github.com/owncloud/ocis/pull/11245) Now the members list will still show grantees even with there is any invalid share after the upgrade. [https://github.com/owncloud/ocis/issues/11119](https://redirect.github.com/owncloud/ocis/issues/11119) [https://github.com/owncloud/ocis/pull/11245](https://redirect.github.com/owncloud/ocis/pull/11245)45 - Bugfix - Fix the graceful shutdown: [#​11295](https://redirect.github.com/owncloud/ocis/pull/11295) Fix the graceful shutdown using the new ocis and reva runners. [https://github.com/owncloud/ocis/issues/11170](https://redirect.github.com/owncloud/ocis/issues/11170) [https://github.com/owncloud/ocis/pull/11295](https://redirect.github.com/owncloud/ocis/pull/11295)95 - Bugfix - Fix the reva log interceptor: [#​11348](https://redirect.github.com/owncloud/ocis/pull/11348) Fix the reva log interceptor. Implemented the Unwrap interface to allow TUS middleware to handle correctly SetReadDeadline and SetWriteDeadline functions and to avoid the error during the upload. [https://github.com/owncloud/ocis/issues/10857](https://redirect.github.com/owncloud/ocis/issues/10857) [https://github.com/owncloud/ocis/pull/11348](https://redirect.github.com/owncloud/ocis/pull/11348)48 - Bugfix - Fix panic while traversing the service list: [#​11390](https://redirect.github.com/owncloud/ocis/pull/11390) Fix the panic while traversing the service list [https://github.com/owncloud/ocis/issues/11377](https://redirect.github.com/owncloud/ocis/issues/11377) [https://github.com/owncloud/ocis/pull/11390](https://redirect.github.com/owncloud/ocis/pull/11390)90 - Bugfix - Fix the OCM role editor: [#​11484](https://redirect.github.com/owncloud/ocis/pull/11484) Fix the issue when the watermark is visible to user with a viewer role in Collabora [https://github.com/owncloud/ocis/issues/11474](https://redirect.github.com/owncloud/ocis/issues/11474) [https://github.com/owncloud/ocis/pull/11484](https://redirect.github.com/owncloud/ocis/pull/11484)84 - Bugfix - Fix storage-users cli: [#​11490](https://redirect.github.com/owncloud/ocis/pull/11490) Fix storage-users uploads --resume command. [https://github.com/owncloud/ocis/issues/11290](https://redirect.github.com/owncloud/ocis/issues/11290) [https://github.com/owncloud/ocis/pull/11490](https://redirect.github.com/owncloud/ocis/pull/11490)90 - Bugfix - Clean up unified roles label: [#​11494](https://redirect.github.com/owncloud/ocis/pull/11494) Clean up the unified roles label [https://github.com/owncloud/ocis/issues/11470](https://redirect.github.com/owncloud/ocis/issues/11470) [https://github.com/owncloud/ocis/issues/11254](https://redirect.github.com/owncloud/ocis/issues/11254)5[https://github.com/owncloud/ocis/issues/10082](https://redirect.github.com/owncloud/ocis/issues/10082)0[https://github.com/owncloud/ocis/pull/11494](https://redirect.github.com/owncloud/ocis/pull/11494)/11494 - Change - Remove deprecated FRONTEND\_OCS\_\*: [#​11333](https://redirect.github.com/owncloud/ocis/pull/11333) Deprecated FRONTEND\_OCS\_\* environment variable was removed from config. [https://github.com/owncloud/ocis/issues/11314](https://redirect.github.com/owncloud/ocis/issues/11314) [https://github.com/owncloud/ocis/pull/11333](https://redirect.github.com/owncloud/ocis/pull/11333)33 - Change - Remove deprecated CLIENTLOG\_REVA\_GATEWAY: [#​11372](https://redirect.github.com/owncloud/ocis/pull/11372) Deprecated CLIENTLOG\_REVA\_GATEWAY environment variable was removed from config. [https://github.com/owncloud/ocis/issues/11314](https://redirect.github.com/owncloud/ocis/issues/11314) [https://github.com/owncloud/ocis/pull/11372](https://redirect.github.com/owncloud/ocis/pull/11372)72 - Enhancement - Update Mockery to 2.52.3: [#​11070](https://redirect.github.com/owncloud/ocis/pull/11070) Without updating ocis will not build on go 1.24. This requires also updating the go version to 1.24 [https://github.com/owncloud/ocis/pull/11070](https://redirect.github.com/owncloud/ocis/pull/11070) - Enhancement - Improve postprocessing logs: [#​11108](https://redirect.github.com/owncloud/ocis/pull/11108) Improve postprocessing logs to easily trace successful and failing uploads/ [https://github.com/owncloud/ocis/issues/10998](https://redirect.github.com/owncloud/ocis/issues/10998) [https://github.com/owncloud/ocis/pull/11108](https://redirect.github.com/owncloud/ocis/pull/11108)08 - Enhancement - Improve graph space management logs: [#​11115](https://redirect.github.com/owncloud/ocis/pull/11115) Improve graph space management logs to help troubleshooting user operations [https://github.com/owncloud/ocis/issues/10989](https://redirect.github.com/owncloud/ocis/issues/10989) [https://github.com/owncloud/ocis/pull/11115](https://redirect.github.com/owncloud/ocis/pull/11115)15 - Enhancement - Delete notification by ID: [#​11203](https://redirect.github.com/owncloud/ocis/pull/11203) It is now possible to delete a single notification by ID: DELETE /ocs/v2.php/apps/notifications/api/v1/notifications/:id [https://github.com/owncloud/enterprise/issues/6307](https://redirect.github.com/owncloud/enterprise/issues/6307) [https://github.com/owncloud/ocis/pull/11203](https://redirect.github.com/owncloud/ocis/pull/11203)03 - Enhancement - CLI, storage-users uploads delete-stale-nodes: [#​11216](https://redirect.github.com/owncloud/ocis/pull/11216) An oCIS command that deletes stale nodes: in processing state wihout connected upload info. [https://github.com/owncloud/enterprise/issues/7178](https://redirect.github.com/owncloud/enterprise/issues/7178) [https://github.com/owncloud/ocis/pull/11216](https://redirect.github.com/owncloud/ocis/pull/11216)16 - Enhancement - Allow setting driveid through graph API: [#​11256](https://redirect.github.com/owncloud/ocis/pull/11256) Allow setting the id through the graph API. This should always be a uuid to avoid clashes, but this is the responsibility of the API user. [https://github.com/owncloud/ocis/pull/11256](https://redirect.github.com/owncloud/ocis/pull/11256) - Enhancement - More secure Microsoft 365 collaboration: [#​11276](https://redirect.github.com/owncloud/ocis/pull/11276) Security update to WOPI protocol token handling [https://github.com/owncloud/ocis/pull/11276](https://redirect.github.com/owncloud/ocis/pull/11276) - Enhancement - Claim managed spaces: [#​11280](https://redirect.github.com/owncloud/ocis/pull/11280) Allow managing spaces from oidc claims [https://github.com/owncloud/ocis/pull/11280](https://redirect.github.com/owncloud/ocis/pull/11280) [https://github.com/owncloud/ocis/pull/11291](https://redirect.github.com/owncloud/ocis/pull/11291)91 - Enhancement - Bump Reva: [#​11283](https://redirect.github.com/owncloud/ocis/pull/11283) Bumps reva version [https://github.com/owncloud/ocis/pull/11283](https://redirect.github.com/owncloud/ocis/pull/11283) - Enhancement - Update ocis\_full deployment example images: [#​11319](https://redirect.github.com/owncloud/ocis/pull/11319) The ocis\_full deployment example got updated images. Additionally a fix has been implemented for collabora.yml to be compliant with new releases. [https://github.com/owncloud/ocis/pull/11319](https://redirect.github.com/owncloud/ocis/pull/11319) - Enhancement - Bump Web to 11.3.2: [#​11330](https://redirect.github.com/owncloud/ocis/pull/11330) - Bugfix [owncloud/web#12460](https://redirect.github.com/owncloud/web/pull/12460): Add missing dependencies to markdown editor - Bugfix [owncloud/web#12460](https://redirect.github.com/owncloud/web/pull/12460): Hide image upload in markdown editor - Bugfix [owncloud/web#12460](https://redirect.github.com/owncloud/web/pull/12460): Hide save in markdown editor [https://github.com/owncloud/ocis/pull/11330](https://redirect.github.com/owncloud/ocis/pull/11330) https://github.com/owncloud/web/releases/tag/v11.3.2 - Enhancement - Add capability for server managed spaces: [#​11332](https://redirect.github.com/owncloud/ocis/pull/11332) Adds the capability for server managed spaces, which will deactivate adding/removing users to/from spaces in the web UI. [https://github.com/owncloud/ocis/pull/11332](https://redirect.github.com/owncloud/ocis/pull/11332) - Enhancement - Harden office deployment process: [#​11339](https://redirect.github.com/owncloud/ocis/pull/11339) Office deployment will use proof keys by default to ensure requests to the collaboration service come from a trusted source. In addition, OnlyOffice will use ip filters to ensure requests come from the collaboration service (with the exception of the editor). Lastly, the collaboration service won't be exposed to the outside and will remain in the docker network. [https://github.com/owncloud/ocis/pull/11339](https://redirect.github.com/owncloud/ocis/pull/11339) - Enhancement - Add SpaceEditorWithoutTrashbin Role: [#​11391](https://redirect.github.com/owncloud/ocis/pull/11391) Added a new built-in role: `SpaceEditorWithoutTrashbin`. This role is a subset of the `SpaceEditor` role, but it does not have list/restore resources in trashbin permissions. [https://github.com/owncloud/ocis/issues/11206](https://redirect.github.com/owncloud/ocis/issues/11206) [https://github.com/owncloud/ocis/pull/11391](https://redirect.github.com/owncloud/ocis/pull/11391)91 - Enhancement - Improve cookies security: [#​11413](https://redirect.github.com/owncloud/ocis/pull/11413) Cookies now have securtiy flags set that remove angle for attacks like CSRF, MITM, XSS. [https://github.com/owncloud/ocis/pull/11413](https://redirect.github.com/owncloud/ocis/pull/11413) - Enhancement - Bump Web to 12.0.0: [#​11420](https://redirect.github.com/owncloud/ocis/pull/11420) - Bugfix [owncloud/web#11960](https://redirect.github.com/owncloud/web/pull/11960): Preview app flat file lists - Bugfix [owncloud/web#11967](https://redirect.github.com/owncloud/web/pull/11967): Show progress bar when emptying trash bin - Bugfix [owncloud/web#12059](https://redirect.github.com/owncloud/web/pull/12059): Reload preloaded resource in sidebar - Bugfix [owncloud/web#12101](https://redirect.github.com/owncloud/web/pull/12101): Missing User Light translations - Bugfix [owncloud/web#12207](https://redirect.github.com/owncloud/web/pull/12207): Preserve current page when opening a file - Bugfix [owncloud/web#12227](https://redirect.github.com/owncloud/web/pull/12227): Make password protected folder tile clickable - Bugfix [owncloud/web#12228](https://redirect.github.com/owncloud/web/issues/12228): Allow email address as user name in the user creation form - Bugfix [owncloud/web#12236](https://redirect.github.com/owncloud/web/pull/12236): Sorting arrow misplaced - Bugfix [owncloud/web#12265](https://redirect.github.com/owncloud/web/pull/12265): Disable cutting and pasting into the same folder - Bugfix [owncloud/web#12266](https://redirect.github.com/owncloud/web/pull/12266): Generate public link password on click - Bugfix [owncloud/web#12328](https://redirect.github.com/owncloud/web/pull/12328): Disallow user from inviting themselves - Bugfix [owncloud/web#12329](https://redirect.github.com/owncloud/web/pull/12329): Delete .psec file - Bugfix [owncloud/web#12336](https://redirect.github.com/owncloud/web/pull/12336): Handle shares loading error - Bugfix [owncloud/web#12339](https://redirect.github.com/owncloud/web/pull/12339): Add domain to distinguish between external users - Bugfix [owncloud/web#12351](https://redirect.github.com/owncloud/web/pull/12351): Fix sorting in spaces view that may crash the application - Bugfix [owncloud/web#12356](https://redirect.github.com/owncloud/web/pull/12356): Show path tooltip on parent folder - Bugfix [owncloud/web#12357](https://redirect.github.com/owncloud/web/pull/12357): Handle changed public link password in file editors - Bugfix [owncloud/web#12368](https://redirect.github.com/owncloud/web/pull/12368): Space context menu is cropped with limited vertical screen space - Bugfix [owncloud/web#12373](https://redirect.github.com/owncloud/web/pull/12373): Add space not found message - Bugfix [owncloud/web#12377](https://redirect.github.com/owncloud/web/pull/12377): Mock services correctly in test file - Bugfix [owncloud/web#12385](https://redirect.github.com/owncloud/web/pull/12385): Use resource ID in share notifications - Bugfix [owncloud/web#12385](https://redirect.github.com/owncloud/web/pull/12385): Watch scroll target in shared list - Bugfix [owncloud/web#12406](https://redirect.github.com/owncloud/web/pull/12406): Download archives directly - Bugfix [owncloud/web#12406](https://redirect.github.com/owncloud/web/pull/12406): Request archive as blob - Bugfix [owncloud/web#12478](https://redirect.github.com/owncloud/web/pull/12478): Fix wrong HTML lang attribute - Bugfix [owncloud/web#12482](https://redirect.github.com/owncloud/web/pull/12482): Delete resource throws unknown error - Bugfix [owncloud/web#12487](https://redirect.github.com/owncloud/web/pull/12487): Application language and browser language do not match - Bugfix [owncloud/web#12606](https://redirect.github.com/owncloud/web/pull/12606): Access correct key when loading favorites - Bugfix [owncloud/web#12607](https://redirect.github.com/owncloud/web/pull/12607): Load ancestor space only when parent id is returned - Bugfix [owncloud/web#12608](https://redirect.github.com/owncloud/web/pull/12608): Do not crash when tus is unsupported - Bugfix [owncloud/web#12628](https://redirect.github.com/owncloud/web/pull/12628): Use capabilities store in preview service - Bugfix [owncloud/web#12646](https://redirect.github.com/owncloud/web/pull/12646): Add missing label to rename button - Change [owncloud/web#12567](https://redirect.github.com/owncloud/web/pull/12567): Remove CERN's collapsible table - Change [owncloud/web#12686](https://redirect.github.com/owncloud/web/pull/12686): Remove deprecated applicationMenu - Change [owncloud/web#12686](https://redirect.github.com/owncloud/web/pull/12686): Remove deprecated ApplicationQuickAction - Change [owncloud/web#12686](https://redirect.github.com/owncloud/web/pull/12686): Remove deprecated client init method - Change [owncloud/web#12686](https://redirect.github.com/owncloud/web/pull/12686): Remove deprecated isFileEditor - Change [owncloud/web#12686](https://redirect.github.com/owncloud/web/pull/12686): Remove deprecated ocsUserContext and ocsPublicLinkContext - Change [owncloud/web#12686](https://redirect.github.com/owncloud/web/pull/12686): Remove deprecated type prop - Enhancement [owncloud/web#5379](https://redirect.github.com/owncloud/web/issues/5379): Accessibility improvements - Enhancement [owncloud/web#11849](https://redirect.github.com/owncloud/web/pull/11849): Create spaces via admin settings - Enhancement [owncloud/web#12110](https://redirect.github.com/owncloud/web/pull/12110): Hide active editor action - Enhancement [owncloud/web#12239](https://redirect.github.com/owncloud/web/pull/12239): Add maintenance banner - Enhancement [owncloud/web#12243](https://redirect.github.com/owncloud/web/pull/12243): Add new supported language to md-editor - Enhancement [owncloud/web#12355](https://redirect.github.com/owncloud/web/pull/12355): Rephrase invite users to invite users to federate - Enhancement [owncloud/web#12424](https://redirect.github.com/owncloud/web/pull/12424): Use custom password generator - Enhancement [owncloud/web#12488](https://redirect.github.com/owncloud/web/pull/12488): Add OCM explanatory tooltips - Enhancement [owncloud/web#12508](https://redirect.github.com/owncloud/web/pull/12508): Add duplicate action - Enhancement [owncloud/web#12509](https://redirect.github.com/owncloud/web/pull/12509): Add flat list view - Enhancement [owncloud/web#12513](https://redirect.github.com/owncloud/web/pull/12513): Add loading spinner to submit button - Enhancement [owncloud/web#12519](https://redirect.github.com/owncloud/web/pull/12519): Improve file drop view UI - Enhancement [owncloud/web#12578](https://redirect.github.com/owncloud/web/pull/12578): Add Catalan to list of supported languages - Enhancement [owncloud/web#12584](https://redirect.github.com/owncloud/web/pull/12584): Disable space membership management when it's server-managed - Enhancement [owncloud/web#12648](https://redirect.github.com/owncloud/web/pull/12648): Add login error [https://github.com/owncloud/ocis/pull/11420](https://redirect.github.com/owncloud/ocis/pull/11420) https://github.com/owncloud/web/releases/tag/v12.0.0 - Enhancement - Bump Web to 12.0.1: [#​11420](https://redirect.github.com/owncloud/ocis/pull/11420) - Bugfix [owncloud/web#12697](https://redirect.github.com/owncloud/web/pull/12697): Md Text Html Preview Text gets Clipped [https://github.com/owncloud/ocis/pull/11420](https://redirect.github.com/owncloud/ocis/pull/11420) https://github.com/owncloud/web/releases/tag/v12.0.1 - Enhancement - Remove deprecated envvars: [#​11430](https://redirect.github.com/owncloud/ocis/pull/11430) Remove envvars that where deprecated on previous versions [https://github.com/owncloud/ocis/pull/11430](https://redirect.github.com/owncloud/ocis/pull/11430) - Enhancement - Update Bleve to v2.5.2: [#​11441](https://redirect.github.com/owncloud/ocis/pull/11441) Updated blevesearch dependency with minor improvements to the search quality. [https://github.com/owncloud/ocis/pull/11441](https://redirect.github.com/owncloud/ocis/pull/11441) - Enhancement - Bump Web to 12.0.2: [#​11444](https://redirect.github.com/owncloud/ocis/pull/11444) - Bugfix [owncloud/web#12575](https://redirect.github.com/owncloud/web/pull/12575): Ensure uniform distribution when generating password [https://github.com/owncloud/ocis/pull/11444](https://redirect.github.com/owncloud/ocis/pull/11444) https://github.com/owncloud/web/releases/tag/v12.0.2 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4zMi4yIiwidXBkYXRlZEluVmVyIjoiNDEuMzIuMiIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
web/packages/web-pkg/src/services/passwordPolicy/passwordPolicy.ts
Line 185 in 1bdd38c
Fix the issue need to replace the biased division-based random index generation with a method that ensures uniform distribution. This can be achieved by using a rejection sampling approach, similar to the one used earlier in the
getRandomCharsFromSetfunction. Specifically, we will calculate asetLimitfor the array length and discard random values that fall outside this range. This ensures that the modulo operation produces unbiased results.The changes will be made to the shuffle logic on lines 184–186.
References
Understanding “randomness”
Insecure Randomness
Rule - Use strong approved cryptographic algorithms
CWE-327
Types of changes
Open tasks: