ragflow

yujunjun/ragflow

Fork 0

mirror of https://github.com/infiniflow/ragflow.git synced 2025-06-26 22:19:57 +00:00

Commit Graph

Author	SHA1	Message	Date
Zhichang Yu	6b23308f26	Added kibana (#2286 ) Added kibana to make elastic management easier. PR #1710 did this. PR #1714 revert this. This PR did again and fix some bugs. - [x] Bug Fix (non-breaking change which fixes an issue) - [x] New Feature (non-breaking change which adds functionality)	2024-09-06 16:02:44 +08:00
William957-web	9fcf9a10c6	Update SECURITY.md (#1248 ) ### What problem does this PR solve? ### Type of change - [x] Documentation Update	2024-06-24 16:30:17 +08:00
William957-web	d185a2e7f2	Create SECURITY.md (#1241 ) ### What problem does this PR solve? The restricted_loads function at [api/utils/init.py#L215](https://github.com/infiniflow/ragflow/blob/main/api/utils/__init__.py#L215) is still vulnerable leading via code execution. The main reson is that numpy module has a numpy.f2py.diagnose.run_command function directly execute commands, but the restricted_loads function allows users import functions in module numpy. ### Additional Details [https://github.com/infiniflow/ragflow/issues/1240](https://github.com/infiniflow/ragflow/issues/1240) ### Type of change - [ ] Bug Fix (non-breaking change which fixes an issue) - [ ] New Feature (non-breaking change which adds functionality) - [ ] Documentation Update - [ ] Refactoring - [ ] Performance Improvement - [ ] Other (please describe):	2024-06-24 10:14:57 +08:00

Author

SHA1

Message

Date

Zhichang Yu

6b23308f26

Added kibana (#2286 )

Added kibana to make elastic management easier.
PR #1710 did this. 
PR #1714 revert this.
This PR did again and fix some bugs.

- [x] Bug Fix (non-breaking change which fixes an issue)
- [x] New Feature (non-breaking change which adds functionality)

2024-09-06 16:02:44 +08:00

William957-web

9fcf9a10c6

Update SECURITY.md (#1248 )

### What problem does this PR solve?

### Type of change

- [x] Documentation Update

2024-06-24 16:30:17 +08:00

William957-web

d185a2e7f2

Create SECURITY.md (#1241 )

### What problem does this PR solve?

The restricted_loads function at
[api/utils/init.py#L215](https://github.com/infiniflow/ragflow/blob/main/api/utils/__init__.py#L215)
is still vulnerable leading via code execution. The main reson is that
numpy module has a numpy.f2py.diagnose.run_command function directly
execute commands, but the restricted_loads function allows users import
functions in module numpy.

### Additional Details

[https://github.com/infiniflow/ragflow/issues/1240](https://github.com/infiniflow/ragflow/issues/1240)

### Type of change

- [ ] Bug Fix (non-breaking change which fixes an issue)
- [ ] New Feature (non-breaking change which adds functionality)
- [ ] Documentation Update
- [ ] Refactoring
- [ ] Performance Improvement
- [ ] Other (please describe):

2024-06-24 10:14:57 +08:00

3 Commits