|
|
@@ -96,4 +96,17 @@ This is entirely optional of course, just set `proudlyDisplayPoweredByUppy: fals
|
|
|
|
|
|
## Server News
|
|
|
|
|
|
-?
|
|
|
+On the Server side we tackled a number of security issues.
|
|
|
+
|
|
|
+- Fixed security vulnerability in transient dependency [#70](https://github.com/transloadit/uppy-server/issues/70)
|
|
|
+- Auto-generate tmp download file name to avoid Path traversal
|
|
|
+- Namespace redis key storage/lookup to avoid collisions
|
|
|
+- Validate callback redirect url after completing OAuth
|
|
|
+- Reduce the permission level required by google drive
|
|
|
+
|
|
|
+Other non security improvements are:
|
|
|
+
|
|
|
+- Auto-generate Server secret if none is provided on startup
|
|
|
+- We implemented a more standard logger for Uppy Server
|
|
|
+- Added an example project to run Uppy Server on Serverless, [see](https://github.com/transloadit/uppy-server/tree/master/examples/serverless).
|
|
|
+
|
Ifedapo .A. Olarewaju