{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":3449583,"defaultBranch":"master","name":"puppet-foreman","ownerLogin":"theforeman","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2012-02-15T13:19:01.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/1439844?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1726690558.0","currentOid":""},"activityList":{"items":[{"before":"88e8ecc69a196cf58d7079d92c2778d14b8cefa6","after":"cecabf17f42605d42f678ae53df793c337966f2a","ref":"refs/heads/master","pushedAt":"2024-09-18T20:15:58.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"},"commit":{"message":"Release 25.2.2","shortMessageHtmlLink":"Release 25.2.2"}},{"before":"07e773feed6f823f6a5fa31f3e98d18cd1f4af77","after":null,"ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T17:49:18.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"}},{"before":"d5d492196368e2c0b0a8a44a146c871ec29ba2ec","after":"88e8ecc69a196cf58d7079d92c2778d14b8cefa6","ref":"refs/heads/master","pushedAt":"2024-09-18T17:49:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Fixes #37761 - use ProxyPass and upgrade=websocket where possible\n\nRewriteRules need special handling of some characters (esp \"?\"), which\ndiffers based on Apache version. Instead of going down that way, we can\nswitch to using ProxyPass as proxying is the only thing we really need\nhere, at least for HTTP.\n\nFor WebSockets, we need to allow protocol upgrades, which modern\n(2.4.47+) Apache can do itself via \"ProxyPass … upgrade=websocket\".\nFor older Apache (esp on EL8 and Ubuntu 20.04), we keep the RewriteRules\nin place. To be removed when we drop support for those targets.\n\nCo-Authored-By: Adam Ruzicka <aruzicka@redhat.com>","shortMessageHtmlLink":"Fixes #37761 - use ProxyPass and upgrade=websocket where possible"}},{"before":"02766b617fc538f7e21752e0363d475a95f61e72","after":"07e773feed6f823f6a5fa31f3e98d18cd1f4af77","ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T17:18:28.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Fixes #37761 - use ProxyPass and upgrade=websocket where possible\n\nRewriteRules need special handling of some characters (esp \"?\"), which\ndiffers based on Apache version. Instead of going down that way, we can\nswitch to using ProxyPass as proxying is the only thing we really need\nhere, at least for HTTP.\n\nFor WebSockets, we need to allow protocol upgrades, which modern\n(2.4.47+) Apache can do itself via \"ProxyPass … upgrade=websocket\".\nFor older Apache (esp on EL8 and Ubuntu 20.04), we keep the RewriteRules\nin place. To be removed when we drop support for those targets.\n\nCo-Authored-By: Adam Ruzicka <aruzicka@redhat.com>","shortMessageHtmlLink":"Fixes #37761 - use ProxyPass and upgrade=websocket where possible"}},{"before":"f23fe508d05762936c370711b572fb5b51440c06","after":"02766b617fc538f7e21752e0363d475a95f61e72","ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T17:17:17.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Fixes #37761 - use ProxyPass and upgrade=websocket where possible\n\nRewriteRules need special handling of some characters (esp \"?\"), which\ndiffers based on Apache version. Instead of going down that way, we can\nswitch to using ProxyPass as proxying is the only thing we really need\nhere, at least for HTTP.\n\nFor WebSockets, we need to allow protocol upgrades, which modern\n(2.4.47+) Apache can do itself via \"ProxyPass … upgrade=websocket\".\nFor older Apache (esp on EL8 and Ubuntu 20.04), we keep the RewriteRules\nin place. To be removed when we drop support for those targets.\n\nCo-Authored-By: Adam Ruzicka <aruzicka@redhat.com>","shortMessageHtmlLink":"Fixes #37761 - use ProxyPass and upgrade=websocket where possible"}},{"before":"066c31aee1bdbb78705385e2a6ee52ace2402234","after":"f23fe508d05762936c370711b572fb5b51440c06","ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T08:13:59.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"use upgrade=websocket where possible","shortMessageHtmlLink":"use upgrade=websocket where possible"}},{"before":"5b6ff1dafdf11465e48a259ec37a66ad9028b052","after":"066c31aee1bdbb78705385e2a6ee52ace2402234","ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T08:06:28.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"use upgrade=websocket where possible","shortMessageHtmlLink":"use upgrade=websocket where possible"}},{"before":"9c7252443a6f73c1b0064f5481f2bfcecf02bdd3","after":"5b6ff1dafdf11465e48a259ec37a66ad9028b052","ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T07:40:33.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"use upgrade=websocket where possible","shortMessageHtmlLink":"use upgrade=websocket where possible"}},{"before":"6f089df6c1455b0978b0668900c7d2368ed491f8","after":"9c7252443a6f73c1b0064f5481f2bfcecf02bdd3","ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T07:19:38.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"use upgrade=websocket where possible","shortMessageHtmlLink":"use upgrade=websocket where possible"}},{"before":"7a80f004d03200d82bf3e355d8bd9abb9b073123","after":"6f089df6c1455b0978b0668900c7d2368ed491f8","ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T07:06:52.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"use upgrade=websocket where possible","shortMessageHtmlLink":"use upgrade=websocket where possible"}},{"before":null,"after":"7a80f004d03200d82bf3e355d8bd9abb9b073123","ref":"refs/heads/better-proxy","pushedAt":"2024-09-18T07:01:48.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"use upgrade=websocket where possible","shortMessageHtmlLink":"use upgrade=websocket where possible"}},{"before":"f830a03bddba829c3ae995c3b4fe66cf8cdbe0ac","after":"d5d492196368e2c0b0a8a44a146c871ec29ba2ec","ref":"refs/heads/master","pushedAt":"2024-09-10T08:11:36.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"enable CI on pushes to master and stable branches","shortMessageHtmlLink":"enable CI on pushes to master and stable branches"}},{"before":"f28c54ada33cd7612bb63061c70f06d4a9d23cca","after":"60e8c8da7ccd7e487c80ad4c84c42ddd0bfddca3","ref":"refs/heads/24.2-stable","pushedAt":"2024-09-04T15:05:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"},"commit":{"message":"Release 24.2.1","shortMessageHtmlLink":"Release 24.2.1"}},{"before":"5f988fa8d5262b33bd639885ba1ee11503249577","after":null,"ref":"refs/heads/24.2-remote-user","pushedAt":"2024-09-04T14:46:54.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"}},{"before":"9cbfb1c458bd5674334bfbe20f4079cba2aad1a4","after":"f28c54ada33cd7612bb63061c70f06d4a9d23cca","ref":"refs/heads/24.2-stable","pushedAt":"2024-09-04T14:46:53.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Unset all possible dash/underscore combinations of REMOTE_USER\n\nWhile the backend will always see underscores, as dashes are not\npermitted in environment variables that are used to pass these along,\nthe frontend should always filter all possible notations, as otherwise\nan attacker could set the \"REMOTE-USER\" header which gets passed as\n\"REMOTE_USER\" unfiltered.\n\nDo the same for REMOTE_USER_* to avoid sneaking in groups that the\nuser does not belong to and other user preferences.\nThis however is only a theoretical attack vector once you can't\nspoof the REMOTE_USER variable anymore.\n\n(cherry picked from commit 80f12290f87d523b9cd01f0164009936fc609865)","shortMessageHtmlLink":"Unset all possible dash/underscore combinations of REMOTE_USER"}},{"before":"80f12290f87d523b9cd01f0164009936fc609865","after":"f830a03bddba829c3ae995c3b4fe66cf8cdbe0ac","ref":"refs/heads/master","pushedAt":"2024-09-04T14:27:12.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"},"commit":{"message":"Release 25.2.1","shortMessageHtmlLink":"Release 25.2.1"}},{"before":null,"after":"5f988fa8d5262b33bd639885ba1ee11503249577","ref":"refs/heads/24.2-remote-user","pushedAt":"2024-09-04T14:05:53.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Unset all possible dash/underscore combinations of REMOTE_USER\n\nWhile the backend will always see underscores, as dashes are not\npermitted in environment variables that are used to pass these along,\nthe frontend should always filter all possible notations, as otherwise\nan attacker could set the \"REMOTE-USER\" header which gets passed as\n\"REMOTE_USER\" unfiltered.\n\nDo the same for REMOTE_USER_* to avoid sneaking in groups that the\nuser does not belong to and other user preferences.\nThis however is only a theoretical attack vector once you can't\nspoof the REMOTE_USER variable anymore.\n\n(cherry picked from commit 80f12290f87d523b9cd01f0164009936fc609865)","shortMessageHtmlLink":"Unset all possible dash/underscore combinations of REMOTE_USER"}},{"before":"e1f52ccfd369e4510277b0513b925724eab5fd91","after":null,"ref":"refs/heads/remote-user","pushedAt":"2024-09-04T14:02:37.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"}},{"before":"26f9befd6297fe4fd5d414a31895af0df7a4deb4","after":"80f12290f87d523b9cd01f0164009936fc609865","ref":"refs/heads/master","pushedAt":"2024-09-04T14:02:36.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"},"commit":{"message":"Unset all possible dash/underscore combinations of REMOTE_USER\n\nWhile the backend will always see underscores, as dashes are not\npermitted in environment variables that are used to pass these along,\nthe frontend should always filter all possible notations, as otherwise\nan attacker could set the \"REMOTE-USER\" header which gets passed as\n\"REMOTE_USER\" unfiltered.\n\nDo the same for REMOTE_USER_* to avoid sneaking in groups that the\nuser does not belong to and other user preferences.\nThis however is only a theoretical attack vector once you can't\nspoof the REMOTE_USER variable anymore.","shortMessageHtmlLink":"Unset all possible dash/underscore combinations of REMOTE_USER"}},{"before":null,"after":"e1f52ccfd369e4510277b0513b925724eab5fd91","ref":"refs/heads/remote-user","pushedAt":"2024-09-04T13:32:00.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Unset all possible dash/underscore combinations of REMOTE_USER\n\nWhile the backend will always see underscores, as dashes are not\npermitted in environment variables that are used to pass these along,\nthe frontend should always filter all possible notations, as otherwise\nan attacker could set the \"REMOTE-USER\" header which gets passed as\n\"REMOTE_USER\" unfiltered.\n\nDo the same for REMOTE_USER_* to avoid sneaking in groups that the\nuser does not belong to and other user preferences.\nThis however is only a theoretical attack vector once you can't\nspoof the REMOTE_USER variable anymore.","shortMessageHtmlLink":"Unset all possible dash/underscore combinations of REMOTE_USER"}},{"before":"52f83b2bc2288b4c921886b6ec86192f7457d09d","after":"9cbfb1c458bd5674334bfbe20f4079cba2aad1a4","ref":"refs/heads/24.2-stable","pushedAt":"2024-09-03T17:57:01.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"},"commit":{"message":"Update puppet_metadata to ~> 4.0 and voxpupuli-acceptance to ~> 3.0\n\n(cherry picked from commit 5f38479c870ef03a4a1565007be68b61e8950d53)","shortMessageHtmlLink":"Update puppet_metadata to ~&gt; 4.0 and voxpupuli-acceptance to ~&gt; 3.0"}},{"before":null,"after":"52f83b2bc2288b4c921886b6ec86192f7457d09d","ref":"refs/heads/24.2-stable","pushedAt":"2024-09-03T17:08:45.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"},"commit":{"message":"Release 24.2.0","shortMessageHtmlLink":"Release 24.2.0"}},{"before":"a7bf3ec866d4c55926dd91f6ab00a6cf9e89255e","after":null,"ref":"refs/heads/remote-user-615","pushedAt":"2024-08-27T20:27:41.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"}},{"before":null,"after":"a7bf3ec866d4c55926dd91f6ab00a6cf9e89255e","ref":"refs/heads/remote-user-615","pushedAt":"2024-08-27T20:27:21.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Unset all possible dash/underscore combinations of REMOTE_USER\n\nWhile the backend will always see underscores, as dashes are not\npermitted in environment variables that are used to pass these along,\nthe frontend should always filter all possible notations, as otherwise\nan attacker could set the \"REMOTE-USER\" header which gets passed as\n\"REMOTE_USER\" unfiltered.\n\nDo the same for REMOTE_USER_GROUPS to avoid sneaking in groups that the\nuser does not belong to. This however is only a theoretical attack\nvector once you can't spoof the REMOTE_USER variable anymore.","shortMessageHtmlLink":"Unset all possible dash/underscore combinations of REMOTE_USER"}},{"before":"2eb6df8f704b28a36cfff32ec88c3d2380bc220c","after":"26f9befd6297fe4fd5d414a31895af0df7a4deb4","ref":"refs/heads/master","pushedAt":"2024-08-14T17:41:31.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"},"commit":{"message":"Release 25.2.0","shortMessageHtmlLink":"Release 25.2.0"}},{"before":"0b87374736d40c72c5639952a97967751550dc7c","after":"2eb6df8f704b28a36cfff32ec88c3d2380bc220c","ref":"refs/heads/master","pushedAt":"2024-08-13T13:30:08.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"ekohl","name":"Ewoud Kohl van Wijngaarden","path":"/ekohl","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/155810?s=80&v=4"},"commit":{"message":"Fix a typo in a comment","shortMessageHtmlLink":"Fix a typo in a comment"}},{"before":"9c73834c188c15ae9d2d07ccbcb6a9675c4d3ad2","after":null,"ref":"refs/heads/force-facts","pushedAt":"2024-08-13T13:01:30.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"}},{"before":"0bd28c130e04771d57e9ae39e68df206fcda5330","after":"0b87374736d40c72c5639952a97967751550dc7c","ref":"refs/heads/master","pushedAt":"2024-08-13T13:01:28.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Refs #37726 - Allow forcing fact upload when host already exists","shortMessageHtmlLink":"Refs #37726 - Allow forcing fact upload when host already exists"}},{"before":"86de3a6e432f541a1416cdc8eac8e81741225e96","after":"9c73834c188c15ae9d2d07ccbcb6a9675c4d3ad2","ref":"refs/heads/force-facts","pushedAt":"2024-08-13T12:03:21.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Refs #37726 - Allow forcing fact upload when host already exists","shortMessageHtmlLink":"Refs #37726 - Allow forcing fact upload when host already exists"}},{"before":null,"after":"86de3a6e432f541a1416cdc8eac8e81741225e96","ref":"refs/heads/force-facts","pushedAt":"2024-08-13T11:46:04.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"evgeni","name":"Evgeni Golov","path":"/evgeni","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/94284?s=80&v=4"},"commit":{"message":"Allow forcing fact upload when host already exists","shortMessageHtmlLink":"Allow forcing fact upload when host already exists"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEuiA-PQA","startCursor":null,"endCursor":null}},"title":"Activity · theforeman/puppet-foreman"}