diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 0000000000..e414f48cb8 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,15 @@ +# Security Policy + +## Versions + +As an open source product, we will only patch the latest major version for security vulnerabilities. Previous versions of budibase will not be retroactively patched. + +## Disclosing + +You can get in touch with us regarding a vulnerability via email at community@budibase.com. + +You can also disclose via huntr.dev. If you believe you have found a vulnerability, please disclose it on huntr and let us know. + +https://huntr.dev/bounties/disclose + +This will enable us to review the vulnerability and potentially reward you for your work. diff --git a/hosting/kubernetes/envoy/envoy.yaml b/hosting/kubernetes/envoy/envoy.yaml index 0e7859d887..1041287f5e 100644 --- a/hosting/kubernetes/envoy/envoy.yaml +++ b/hosting/kubernetes/envoy/envoy.yaml @@ -33,11 +33,19 @@ static_resources: route: cluster: app-service - # special case for worker admin API + # special cases for worker admin (deprecated), global and system API + - match: { prefix: "/api/global/" } + route: + cluster: worker-service + - match: { prefix: "/api/admin/" } route: cluster: worker-service + - match: { prefix: "/api/system/" } + route: + cluster: worker-service + - match: { path: "/" } route: cluster: app-service diff --git a/lerna.json b/lerna.json index 1eb932ef8b..7f74cf2d9b 100644 --- a/lerna.json +++ b/lerna.json @@ -1,5 +1,5 @@ { - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "npmClient": "yarn", "packages": [ "packages/*" diff --git a/packages/auth/package.json b/packages/auth/package.json index a26034e1bb..9d0e84334a 100644 --- a/packages/auth/package.json +++ b/packages/auth/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/auth", - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "description": "Authentication middlewares for budibase builder and apps", "main": "src/index.js", "author": "Budibase", diff --git a/packages/bbui/package.json b/packages/bbui/package.json index 880f491528..61d89f175d 100644 --- a/packages/bbui/package.json +++ b/packages/bbui/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/bbui", "description": "A UI solution used in the different Budibase projects.", - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "license": "AGPL-3.0", "svelte": "src/index.js", "module": "dist/bbui.es.js", diff --git a/packages/builder/package.json b/packages/builder/package.json index c6dbb98b6e..a6aab5b1e6 100644 --- a/packages/builder/package.json +++ b/packages/builder/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/builder", - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "license": "AGPL-3.0", "private": true, "scripts": { @@ -65,10 +65,10 @@ } }, "dependencies": { - "@budibase/bbui": "^0.9.120-alpha.1", - "@budibase/client": "^0.9.120-alpha.1", + "@budibase/bbui": "^0.9.120-alpha.4", + "@budibase/client": "^0.9.120-alpha.4", "@budibase/colorpicker": "1.1.2", - "@budibase/string-templates": "^0.9.120-alpha.1", + "@budibase/string-templates": "^0.9.120-alpha.4", "@sentry/browser": "5.19.1", "@spectrum-css/page": "^3.0.1", "@spectrum-css/vars": "^3.0.1", diff --git a/packages/builder/src/components/backend/DataTable/modals/ExportModal.svelte b/packages/builder/src/components/backend/DataTable/modals/ExportModal.svelte index 0b63c0bd4d..740027a8fd 100644 --- a/packages/builder/src/components/backend/DataTable/modals/ExportModal.svelte +++ b/packages/builder/src/components/backend/DataTable/modals/ExportModal.svelte @@ -18,12 +18,10 @@ let exportFormat = FORMATS[0].key async function exportView() { - const filename = `export.${exportFormat}` download( `/api/views/export?view=${encodeURIComponent( view - )}&format=${exportFormat}`, - filename + )}&format=${exportFormat}` ) } diff --git a/packages/cli/package.json b/packages/cli/package.json index 910a96cf41..156ab71593 100644 --- a/packages/cli/package.json +++ b/packages/cli/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/cli", - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "description": "Budibase CLI, for developers, self hosting and migrations.", "main": "src/index.js", "bin": { diff --git a/packages/client/package.json b/packages/client/package.json index d771583e91..d034fe5c95 100644 --- a/packages/client/package.json +++ b/packages/client/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/client", - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "license": "MPL-2.0", "module": "dist/budibase-client.js", "main": "dist/budibase-client.js", @@ -18,9 +18,9 @@ "dev:builder": "rollup -cw" }, "dependencies": { - "@budibase/bbui": "^0.9.120-alpha.1", - "@budibase/standard-components": "^0.9.120-alpha.1", - "@budibase/string-templates": "^0.9.120-alpha.1", + "@budibase/bbui": "^0.9.120-alpha.4", + "@budibase/standard-components": "^0.9.120-alpha.4", + "@budibase/string-templates": "^0.9.120-alpha.4", "regexparam": "^1.3.0", "shortid": "^2.2.15", "svelte-spa-router": "^3.0.5" diff --git a/packages/server/package.json b/packages/server/package.json index 4f8fe8928c..3f600ff090 100644 --- a/packages/server/package.json +++ b/packages/server/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/server", "email": "hi@budibase.com", - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "description": "Budibase Web Server", "main": "src/index.js", "repository": { @@ -62,9 +62,9 @@ "author": "Budibase", "license": "AGPL-3.0-or-later", "dependencies": { - "@budibase/auth": "^0.9.120-alpha.1", - "@budibase/client": "^0.9.120-alpha.1", - "@budibase/string-templates": "^0.9.120-alpha.1", + "@budibase/auth": "^0.9.120-alpha.4", + "@budibase/client": "^0.9.120-alpha.4", + "@budibase/string-templates": "^0.9.120-alpha.4", "@elastic/elasticsearch": "7.10.0", "@koa/router": "8.0.0", "@sendgrid/mail": "7.1.1", @@ -117,7 +117,7 @@ "devDependencies": { "@babel/core": "^7.14.3", "@babel/preset-env": "^7.14.4", - "@budibase/standard-components": "^0.9.120-alpha.1", + "@budibase/standard-components": "^0.9.120-alpha.4", "@jest/test-sequencer": "^24.8.0", "@types/bull": "^3.15.1", "@types/jest": "^26.0.23", diff --git a/packages/standard-components/package.json b/packages/standard-components/package.json index 856ba7af10..fee5c5da3b 100644 --- a/packages/standard-components/package.json +++ b/packages/standard-components/package.json @@ -29,11 +29,11 @@ "keywords": [ "svelte" ], - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "license": "MIT", "gitHead": "d1836a898cab3f8ab80ee6d8f42be1a9eed7dcdc", "dependencies": { - "@budibase/bbui": "^0.9.120-alpha.1", + "@budibase/bbui": "^0.9.120-alpha.4", "@spectrum-css/button": "^3.0.3", "@spectrum-css/card": "^3.0.3", "@spectrum-css/divider": "^1.0.3", diff --git a/packages/string-templates/package.json b/packages/string-templates/package.json index d35245485d..6e801de3c4 100644 --- a/packages/string-templates/package.json +++ b/packages/string-templates/package.json @@ -1,6 +1,6 @@ { "name": "@budibase/string-templates", - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "description": "Handlebars wrapper for Budibase templating.", "main": "src/index.cjs", "module": "dist/bundle.mjs", diff --git a/packages/worker/package.json b/packages/worker/package.json index 620b4616eb..6d32ae1c7c 100644 --- a/packages/worker/package.json +++ b/packages/worker/package.json @@ -1,7 +1,7 @@ { "name": "@budibase/worker", "email": "hi@budibase.com", - "version": "0.9.120-alpha.1", + "version": "0.9.120-alpha.4", "description": "Budibase background service", "main": "src/index.js", "repository": { @@ -23,8 +23,8 @@ "author": "Budibase", "license": "AGPL-3.0-or-later", "dependencies": { - "@budibase/auth": "^0.9.120-alpha.1", - "@budibase/string-templates": "^0.9.120-alpha.1", + "@budibase/auth": "^0.9.120-alpha.4", + "@budibase/string-templates": "^0.9.120-alpha.4", "@koa/router": "^8.0.0", "@techpass/passport-openidconnect": "^0.3.0", "aws-sdk": "^2.811.0",