Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
21 check-ins for the month beginning 2023-09-01 by user drh
Following month ↑|
2023-09-29
| ||
| 12:53 | Fix self-registration bug created by the enhanced CSRF defense changes. ... (check-in: 6ae99418 user: drh tags: trunk) | |
|
2023-09-28
| ||
| 14:15 | Update to the change log. ... (check-in: e3e28f43 user: drh tags: trunk) | |
| 14:13 | Changing a setting to an empty string is now the same as unsetting that value, in most cases. Settings that are exceptions to the rule are marked with the "keep-empty" flag. Fix for the issue reported by forum post a17b5fa51d607e3d. ... (check-in: 1f6ae1ef user: drh tags: trunk) | |
| 14:08 | Minor tweaks to the hash color test page. ... (check-in: 19799565 user: drh tags: trunk) | |
| 13:51 | The "branch ls" command should flag private branches with -R. ... (check-in: 016f6c5e user: drh tags: trunk) | |
| 13:43 | Remove an unnecessary while() loop. ... (check-in: 225abb37 user: drh tags: trunk) | |
| 13:38 | Mark closed leaves with an X on the timeline graph. ... (check-in: 57bea365 user: drh tags: trunk) | |
|
2023-09-25
| ||
| 15:47 | If the value of a setting is changed into an empty string, then unset it, except for the rare setting that has the new keep-empty property. ... (Closed-Leaf check-in: b9bbb8d7 user: drh tags: unset-empty-settings) | |
|
2023-09-19
| ||
| 11:41 | Improvements to documentation for the "patch" command. ... (check-in: 14ebbe9d user: drh tags: trunk) | |
| 11:31 | Improvements to help-text HTML formatting. ... (check-in: ccc780f5 user: drh tags: trunk) | |
| 11:19 | Updates to the change log. ... (check-in: 5afa42e4 user: drh tags: trunk) | |
| 10:42 | Fix a harmless compiler warning in SQLite. This is a direct edit to the imported sqlite3.c file, which will be overwritten the next time we update SQLite. But that's ok since the warning is fixed in the SQLite tree too. ... (check-in: ead5a95b user: drh tags: trunk) | |
|
2023-09-18
| ||
| 20:43 | Merge the CSRF-defense enhancements into trunk. ... (check-in: 920ace17 user: drh tags: trunk) | |
| 17:13 | Omit the SameSite=strict specifier for the login cookie, since that prevents users from clicking a hyperlink on an email notification and then going directly to the relevant page and getting logged in. ... (Closed-Leaf check-in: fc5b49e9 user: drh tags: csrf-defense-enhancement) | |
| 15:36 | Set the "SameSite=strict" value on cookies (used for authentication) as a further defense-in-depth against CSRF attacks. ... (check-in: bc643c32 user: drh tags: csrf-defense-enhancement) | |
| 15:24 | Fix forum-post approval buttons so that they send the CSRF token. ... (check-in: bf9974cf user: drh tags: csrf-defense-enhancement) | |
| 15:10 | More intensive use of the Synchronizer Token Pattern for CSRF defense. ... (check-in: 0a66be2b user: drh tags: csrf-defense-enhancement) | |
| 14:32 | Strengthen CSRF requirements for the skin editor. ... (check-in: 6912636d user: drh tags: csrf-defense-enhancement) | |
| 14:29 | Cleanup forms on the skin editor page. ... (check-in: 5feae3fd user: drh tags: csrf-defense-enhancement) | |
| 14:13 | Stronger CSRF token based on a SHA1 hash of the login cookie. ... (check-in: ff3746c4 user: drh tags: csrf-defense-enhancement) | |
| 13:18 | Try to simplify and rationalize the defenses against cross-site request forgery attacks. A hodgepodge of techniques have been used in the past. This changes attempts to make everything work more alike and to centralize CSRF defenses for easier auditing. ... (check-in: 88a402fe user: drh tags: csrf-defense-enhancement) | |