1451 template dates #3171
Open
1451 template dates #3171
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Bumps [lodash.merge](https://github.com/lodash/lodash) from 4.6.1 to 4.6.2. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](https://github.com/lodash/lodash/commits) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.14. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.11...4.17.14) Signed-off-by: dependabot[bot] <support@github.com>
* Added response headers for CORS and server identification (gophish#1517) Co-Authored-By: Glenn Wilkinson <glenn.wilkinson@gmail.com>
If the user name is embedding some JS code, it will be executed on the client side. Note: gophish/static/js/dist/app/users.min.js will need to be regenerated too.
The top navigation menu is redundant to the sidebar. We’re opting to remove it so that we are free to update the sidebar to be more complex over time.
Upgrades the SweetAlert2 dependency to version 8.x.x. Co-authored-by: Glenn Wilkinson <glenn.wilkinson@gmail.com>
The Dockerfile has also been rebuilt to use an unprivileged user instead of root. The run script adds more options and changes the method the configuration is overwritten, which may help in situations where the configuration is not owned by the unprivileged user.
Relating to the Issue (gophish#1570), this could be an easy fix.
Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/jonschlinkert/mixin-deep/releases) - [Commits](jonschlinkert/mixin-deep@1.3.1...1.3.2) Signed-off-by: dependabot[bot] <support@github.com>
Bumps [lodash](https://github.com/lodash/lodash) from 4.17.11 to 4.17.15. - [Release notes](https://github.com/lodash/lodash/releases) - [Commits](lodash/lodash@4.17.11...4.17.15) Signed-off-by: dependabot[bot] <support@github.com>
Updates the user model to return the user’s API key for easier administration.
This commit significantly improves the performance of campaign and group creation by changing database access to use transactions. It should also make things more consistent with campaign creation. Specifically, this will ensure that the entire campaign gets created before emails start sending, while I anticipate this will fix gophish#1643, gophish#1080, (possibly) gophish#1677, and gophish#1552.
…LS 1.2 as the minimum TLS version. This addresses gophish#1691 and gophish#1689. I am making this change since Microsoft, Google, and Apple have all chosen to deprecate TLS 1.0 and TLS 1.1 in early 2020. In late 2018, the companies recorded that less than 1.4 percent (max) of their connections used < TLS 1.2. Output before change: ``` docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333 Testing protocols via sockets except NPN+ALPN SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 offered (deprecated) TLS 1.1 offered (deprecated) TLS 1.2 offered (OK) TLS 1.3 offered (OK): final NPN/SPDY h2, http/1.1 (advertised) ALPN/HTTP2 h2, http/1.1 (offered) ``` Output after change: ``` docker run --rm -ti -p 3333:3333 drwetter/testssl.sh https://host.docker.internal:3333 Testing protocols via sockets except NPN+ALPN SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 not offered TLS 1.1 not offered TLS 1.2 offered (OK) TLS 1.3 offered (OK): final NPN/SPDY h2, http/1.1 (advertised) ALPN/HTTP2 h2, http/1.1 (offered) ```
It appears that the MySQL driver dropped support for Go 1.9. Until we have vendoring in place (will happen soon!) we must follow suit and drop support for Go v1.9. This still allows us to support the latest three versions of Go.
Adds support for managing outgoing webhooks. Closes gophish#1602
- Ran gofmt - Rebuilt minified static files - Updated validation payload
Get send_by_date field when query on GetCampaignSummary and GetCampaignSummaries
As mentioned in gophish#1702, the query in `insertTargetIntoGroup` isn't needed, since both instances where it's used we already know that the target isn't in the group. This means it's safe to remove that query, improving performance dramatically. Before: ``` BenchmarkPostGroup100-4 81 12629754 ns/op 2989993 B/op 52918 allocs/op BenchmarkPostGroup1000-4 6 189527792 ns/op 29891818 B/op 528082 allocs/op BenchmarkPostGroup10000-4 1 6203645806 ns/op 299253648 B/op 5282859 allocs/op BenchmarkPutGroup100-4 100 10221833 ns/op 2589165 B/op 46078 allocs/op BenchmarkPutGroup1000-4 7 162692432 ns/op 25812440 B/op 458425 allocs/op BenchmarkPutGroup10000-4 1 7596445084 ns/op 260385808 B/op 4581569 allocs/op ``` After: ``` BenchmarkPostGroup100-4 133 8848973 ns/op 2354605 B/op 42322 allocs/op BenchmarkPostGroup1000-4 9 112557410 ns/op 23549206 B/op 422184 allocs/op BenchmarkPostGroup10000-4 1 3414209403 ns/op 235635952 B/op 4222090 allocs/op BenchmarkPutGroup100-4 147 8094333 ns/op 2271297 B/op 40777 allocs/op BenchmarkPutGroup1000-4 9 125092124 ns/op 22635067 B/op 405421 allocs/op BenchmarkPutGroup10000-4 1 5712591900 ns/op 228592920 B/op 4051316 allocs/op ```
* Added ParseLevel to set log level (gophish#1671) * Moved logger config into the logger package for better decoupling. Added logging tests. Co-authored-by: Amal Alkhamees <Amalkh5@users.noreply.github.com>
Initial support of managing reporting through IMAP. Co-Authored-By: Jordan Wright <jmwright798@gmail.com>
…tname+port when validating certificates. Fixes gophish#1709
Bumps [ajv](https://github.com/ajv-validator/ajv) from 6.10.0 to 6.12.6. - [Release notes](https://github.com/ajv-validator/ajv/releases) - [Commits](ajv-validator/ajv@v6.10.0...v6.12.6) --- updated-dependencies: - dependency-name: ajv dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [copy-props](https://github.com/gulpjs/copy-props) from 2.0.4 to 2.0.5. - [Release notes](https://github.com/gulpjs/copy-props/releases) - [Changelog](https://github.com/gulpjs/copy-props/blob/master/CHANGELOG.md) - [Commits](gulpjs/copy-props@2.0.4...2.0.5) --- updated-dependencies: - dependency-name: copy-props dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [minimist](https://github.com/substack/minimist) from 1.2.0 to 1.2.5. - [Release notes](https://github.com/substack/minimist/releases) - [Commits](https://github.com/substack/minimist/compare/1.2.0...1.2.5) --- updated-dependencies: - dependency-name: minimist dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Adds the ability to specify an envelope sender in templates (gophish#986) Authored-by: ChessSpider <ChessSpider@users.noreply.github.com> Authored-by: Olivier MEDOC <o_medoc@yahoo.fr> Authored-by: ptitdoc <ptitdoc@free.fr>
Embed or attach files based on their file extension: * Set 'Content-Disposition: inline' for images * Set 'Content-Disposition: attachment' for other files
Updated installation command
Enables the user to add addresses that they expect incoming connections to come from. Helpful in cases where TLS termination is handled by a load balancer upstream, rather than the application itself.
Clear the selection of resource (template, page, profile) whenever the original resource is deleted and there is only one currently available resource present in the DB while copying a campaign. Without this fix, the only available resource is shown as the original resource, instead of showing [Deleted].
There were new records with name '[Deleted]' being added when a campaign was completed. This used to happen when the resource associated with a campaign (template, page, profile) was deleted before marking the campaign as completed. The save gorm call used to upsert these values and ended up adding rogue records.
…ophish#2669) Co-authored-by: Thomas Castronovo <thocastronovo@cic.be>
The ca-certificates package is necessary for Gophish to connect to webhooks using HTTPS.
Adding environment variable DB_NAME to run.sh so that Gophish Container can be set up with mysql/mariadb. db_name has to be changed in config to mysql for mysql connection to work.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
updated