Merge branch 'master' into hotfix/SqlPartitioningRepository_hotfix_partition_already_pending_detach_in_partitioned_table

3 years ago · ff7de838fd
3 changed files with 42 additions and 1 deletions
--- a/msa/tb/docker-cassandra/Dockerfile
+++ b/msa/tb/docker-cassandra/Dockerfile
@ -47,7 +47,7 @@ RUN apt-get update \
    && apt-get install -y --no-install-recommends wget nmap procps gnupg2 \
    && echo "deb http://apt.postgresql.org/pub/repos/apt/ $(. /etc/os-release && echo -n $VERSION_CODENAME)-pgdg main" | tee --append /etc/apt/sources.list.d/pgdg.list > /dev/null \
    && wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O- | apt-key add - \
-    && echo 'deb http://downloads.apache.org/cassandra/debian 40x main' | tee --append /etc/apt/sources.list.d/cassandra.list > /dev/null \
+    && echo "deb https://debian.cassandra.apache.org 40x main" | tee -a /etc/apt/sources.list.d/cassandra.sources.list > /dev/null \
    && wget -q https://downloads.apache.org/cassandra/KEYS -O- | apt-key add - \
    && apt-get update \
    && apt-get install -y --no-install-recommends cassandra cassandra-tools postgresql-${PG_MAJOR} \
--- a/security.md
+++ b/security.md
@ -0,0 +1,17 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Thingsboard privately,
+to minimize attacks against current users of Thingsboard before they are fixed. Vulnerabilities will be investigated and release as soon as possible.
+
+To report a vulnerability or a security-related issue, please email the private address security@thingsboard.io with the details of the vulnerability.
+Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime.
+Do not report non-security-impacting bugs through this channel. Use GitHub issues instead.
+
+**Proposed Email Content**
+Provide a descriptive subject line and in the body of the email include the following information:
+
+- Basic identity information, such as your name and your affiliation or company.
+- Detailed steps to reproduce the vulnerability (log errors, screenshots are all helpful to us).
+- Description of the effects of the vulnerability on Thingsboard.
--- a/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js
+++ b/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js
@ -5026,6 +5026,21 @@ var JSHINT = (function() {
      return that;
    }, 20);
  }
+  function nullSafeProperty(s) {
+    console.log("test " + s);
+    symbol(s, 20).exps = true;
+    return infix(s, function(context, left, that) {
+      if (state.option.bitwise) {
+        warning("W016", that, that.id);
+      }
+
+      checkLeftSideAssign(context, left, that);
+
+      that.right = expression(context, 10);
+
+      return that;
+    }, 20);
+  }
  function suffix(s) {
    var x = symbol(s, 150);

@ -5539,6 +5554,9 @@ var JSHINT = (function() {
  bitwiseassignop("<<=");
  bitwiseassignop(">>=");
  bitwiseassignop(">>>=");
+
+  nullSafeProperty(".?");
+
  infix(",", function(context, left, that) {
    if (state.option.nocomma) {
      warning("W127", that);
@ -9450,6 +9468,12 @@ Lexer.prototype = {

    switch (ch1) {
    case ".":
+      if (ch1 === "." && this.peek(1) === "?") {
+        return {
+          type: Token.Punctuator,
+          value: ".?"
+        };
+      }
      if ((/^[0-9]$/).test(this.peek(1))) {
        return null;
      }