xinyin025/3x-ui
1
0
Fork 0
mirror of https://github.com/MHSanaei/3x-ui.git synced 2026-06-28 00:24:19 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
39774a6a3830eee01fde9f40a1829a5ddc99c0fd
3x-ui/internal/web
T
History
MHSanaei 33b029e1ca fix(security): confine GetCertHash to known cert files (CWE-22) 
Resolve CodeQL go/path-injection (alert #96): the certFile path from
the getCertHash endpoint flowed straight into os.ReadFile, letting an
authenticated request read arbitrary files by path. Validate it against
an allow-list of certificate files the panel already references (inbound
TLS certificateFile values plus the panel's own web cert) and read the
config-sourced path rather than the caller-supplied one, breaking the
taint flow while preserving arbitrary cert locations.
2026-06-21 17:56:17 +02:00
..
controller
feat(tls,reality): port xray TLS/REALITY fields, cert-hash helpers, fallback UX
2026-06-21 15:58:42 +02:00
entity
feat(memory): add memory threshold alerts (#5366)
2026-06-21 17:45:33 +02:00
global
refactor: focused service files, leaf subpackages, and an internal/ layout (#5167)
2026-06-10 15:19:22 +02:00
job
feat(memory): add memory threshold alerts (#5366)
2026-06-21 17:45:33 +02:00
locale
refactor: focused service files, leaf subpackages, and an internal/ layout (#5167)
2026-06-10 15:19:22 +02:00
middleware
refactor(frontend): move form-item hints from extra to tooltip
2026-06-17 17:24:16 +02:00
network
refactor: focused service files, leaf subpackages, and an internal/ layout (#5167)
2026-06-10 15:19:22 +02:00
runtime
perf(scale): speed up traffic, auto-renew, and node bulk ops at 50k-100k clients
2026-06-20 10:35:46 +02:00
service
fix(security): confine GetCertHash to known cert files (CWE-22)
2026-06-21 17:56:17 +02:00
session
refactor: focused service files, leaf subpackages, and an internal/ layout (#5167)
2026-06-10 15:19:22 +02:00
translation
Update zh-CN.json (#5459)
2026-06-21 17:46:31 +02:00
websocket
refactor: focused service files, leaf subpackages, and an internal/ layout (#5167)
2026-06-10 15:19:22 +02:00
cadence_test.go
refactor(web): centralize background job cadences (#5269)
2026-06-14 22:50:24 +02:00
web_mtls_test.go
feat(node): node hardening — mTLS, hashed+zstd reconcile transport, per-node net metrics (#5382)
2026-06-16 12:19:33 +02:00
web_mtls.go
feat(node): node hardening — mTLS, hashed+zstd reconcile transport, per-node net metrics (#5382)
2026-06-16 12:19:33 +02:00
web.go
feat(memory): add memory threshold alerts (#5366)
2026-06-21 17:45:33 +02:00