nuke/.github/actions/spelling
Xe Iaso 6e4e471792
fix(lib): ensure issued challenges don't get double-spent (#1003)
* fix(lib): ensure issued challenges don't get double-spent

Closes #1002

TL;DR: challenge IDs were not validated at time of token issuance. A
dedicated attacker could solve a challenge once and reuse it across
multiple sessions in order to mint additional tokens.

With the advent of store based challenge issuance in #749, this means
that these challenge IDs are only good for 30 minutes. Websites using
the most recent version of Anubis have limited exposure to this problem.

Websites using older versions of Anubis have a much more increased
exposure to this problem and are encouraged to keep this software
updated as often and as frequently as possible.

* docs: update CHANGELOG

Signed-off-by: Xe Iaso <me@xeiaso.net>

---------

Signed-off-by: Xe Iaso <me@xeiaso.net>
2025-08-20 12:33:32 -04:00
| File | Last commit | Date |
| --- | --- | --- |
| advice.md | ci: add check-spelling (#462) | 2025-05-09 17:02:41 +00:00 |
| allow.txt | fix(lib): block XSS attacks via nonstandard URLs (#904) | 2025-07-24 14:05:00 +00:00 |
| candidate.patterns | ci: add check-spelling (#462) | 2025-05-09 17:02:41 +00:00 |
| excludes.txt | test: add smoke test for git clone (#828) | 2025-07-14 14:01:03 +00:00 |
| expect.txt | fix(lib): ensure issued challenges don't get double-spent (#1003) | 2025-08-20 12:33:32 -04:00 |
| line_forbidden.patterns | feat: add default OpenGraph tags to configuration file (#694) | 2025-06-19 18:00:44 -04:00 |
| patterns.txt | fix(lib): block XSS attacks via nonstandard URLs (#904) | 2025-07-24 14:05:00 +00:00 |
| README.md | ci: add check-spelling (#462) | 2025-05-09 17:02:41 +00:00 |
| reject.txt | ci: add check-spelling (#462) | 2025-05-09 17:02:41 +00:00 |

check-spelling/check-spelling configuration

| File | Purpose | Format | Info |
| --- | --- | --- | --- |
| dictionary.txt | Replacement dictionary (creating this file will override the default dictionary) | one word per line | dictionary |
| allow.txt | Add words to the dictionary | one word per line (only letters and 's allowed) | allow |
| reject.txt | Remove words from the dictionary (after allow) | grep pattern matching whole dictionary words | reject |
| excludes.txt | Files to ignore entirely | perl regular expression | excludes |
| only.txt | Only check matching files (applied after excludes) | perl regular expression | only |
| patterns.txt | Patterns to ignore from checked lines | perl regular expression (order matters, first match wins) | patterns |
| candidate.patterns | Patterns that might be worth adding to patterns.txt | perl regular expression with optional comment block introductions (all matches will be suggested) | candidates |
| line_forbidden.patterns | Patterns to flag in checked lines | perl regular expression (order matters, first match wins) | patterns |
| expect.txt | Expected words that aren't in the dictionary | one word per line (sorted, alphabetically) | expect |
| advice.md | Supplement for GitHub comment when unrecognized words are found | GitHub Markdown | advice |

Note: you can replace any of these files with a directory by the same name (minus the suffix) and then include multiple files inside that directory (with that suffix) to merge multiple files together.