Skip to content

[pull] master from mattermost:master #468

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
pull merged 6 commits into from
Jan 29, 2026
Merged

[pull] master from mattermost:master #468

pull merged 6 commits into from
Jan 29, 2026
+2,664 −1,390

Conversation

@pull
Copy link

@pull pull bot commented Jan 29, 2026
edited
Loading

See Commits and Changes for more details.

Created by pull[bot] (v2.0.0-alpha.4)

Can you help keep this open source service alive? 💖 Please sponsor : )

agarciamontoro and others added 6 commits January 29, 2026 14:26
@agarciamontoro @lieut-data @mattermost-build
MM-65970: New way to build routes in Client4 (#34499)
2b075c9 
* Add Client4 route building functions

* Make DoAPIRequestWithHeaders add the API URL

This makes it consistent with the other DoAPIXYZ functions, which all
prepend the provided URL with the client's API URL.

* Use the new route building logic in Client4

* Address review comments

- clean renamed to cleanSegment
- JoinRoutes and JoinSegments joined in Join
- newClientRoute uses Join

* Fix new routes from merge

* Remove unused import

* Simplify error handling around clientRoute (#34870)

---------

Co-authored-by: Jesse Hallam <jesse@mattermost.com>
Co-authored-by: Jesse Hallam <jesse.hallam@gmail.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
@BenCookie95
Use one timeout config for requests to translation providers (#34957)
36173a4
@cpoile
[MM-67202] Validate auth method in account switch (#34981)
168fb51 
* fix account authorization type switch

* improve test clarity

* refactor tests for clarity
@agarciamontoro
MM-67277: Add check to legacy hasher (#35092)
7201f42 
* Add check to legacy hasher

* Make the linter happy
@lieut-data
MM-67274: Fix panic in getBrowserVersion with empty User-Agent version (
1346cf5 
#35098)

* MM-67274: Fix panic in getBrowserVersion with empty User-Agent version

Refactor getBrowserVersion to use a table-driven approach that
centralizes bounds checking, preventing panic when User-Agent strings
contain identifiers like "Mattermost Mobile/" with no version token.

* Refactor user agent tests to use structured test cases

Move expected values into the testUserAgent struct for clarity,
making it easier to see what each test case expects at a glance.
@wiggin77
@mattermost-build @hanzei
MM-66789 Restrict log downloads to a root path for support packets (#…
7f6a98f 
…35014)

* [MM-66789] Fix arbitrary file read vulnerability in advanced logging

  Add path validation to prevent reading files outside the logging root
  directory via GetAdvancedLogs (used in support packet generation).

  Security controls:
  - Validate file paths are within logging root before reading
  - Support MM_LOG_PATH environment variable to allow system admins
    to configure a custom logging root directory
  - Resolve symlinks to prevent bypass attacks
  - Detect and block path traversal attempts

  Also adds:
  - Audit logging for support packet generation
  - Config-time validation that logs errors for paths outside logging
    root (will become blocking in future version)
  - Comprehensive test coverage for path validation

* Update server/channels/app/platform/log_test.go

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* fix linter errors

* Update server/channels/api4/system.go

Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>

* Simplify unit tests for platform/log_test.go by moving some test logic to config/logger_test.go

* Fix unit tests requiring logging root to be set

* enforce LogSettings.FileLocation path validation; simplify path checking

* fix linter errors

* use dir in logging root for all unit test logging

* MM_LOG_PATH is set once, centrally, for all tests

* fix flaky test

* fix flaky test

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>
@pull pull bot locked and limited conversation to collaborators Jan 29, 2026
@pull pull bot added the ⤵️ pull label Jan 29, 2026
@pull pull bot merged commit 7f6a98f into code:master Jan 29, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

⤵️ pull

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@agarciamontoro @BenCookie95 @cpoile @lieut-data @wiggin77