Merge branch 'develop'

itk-dev · Aug 19, 2024 · 06c0fa4 · 06c0fa4
2 parents 709b169 + 0571965
commit 06c0fa4
Show file tree

Hide file tree

Showing 79 changed files with 1,631 additions and 1,268 deletions.
diff --git a/.docker/nginx.conf b/.docker/nginx.conf
@@ -1,6 +1,6 @@
 worker_processes  auto;
 
-error_log  /var/log/nginx/error.log notice;
+error_log  /dev/stderr notice;
 pid        /tmp/nginx.pid;
 
 events {
@@ -26,11 +26,9 @@ http {
                       '$status $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "$http_x_forwarded_for"';
 
-    access_log  /var/log/nginx/access.log main;
+    access_log  /dev/stdout main;
 
     sendfile        on;
-    #tcp_nopush     on;
-
     keepalive_timeout  65;
 
     gzip  on;

diff --git a/.docker/templates/default.conf.template b/.docker/templates/default.conf.template
@@ -0,0 +1,94 @@
+server {
+    listen ${NGINX_PORT};
+    server_name localhost;
+
+    root ${NGINX_WEB_ROOT};
+
+    client_max_body_size ${NGINX_MAX_BODY_SIZE};
+
+    location = /favicon.ico {
+        log_not_found off;
+        access_log off;
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
+        access_log off;
+    }
+
+    location ~* \.(txt|log)$ {
+        deny all;
+    }
+
+    location ~ \..*/.*\.php$ {
+        return 403;
+    }
+
+    location ~ ^/sites/.*/private/ {
+        return 403;
+    }
+
+    # Block access to scripts in site files directory
+    location ~ ^/sites/[^/]+/files/.*\.php$ {
+        deny all;
+    }
+
+    # Block access to "hidden" files and directories whose names begin with a
+    # period.
+    location ~ (^|/)\. {
+        return 403;
+    }
+
+    location / {
+        try_files $uri /index.php?$query_string;
+    }
+
+    location @rewrite {
+        rewrite ^ /index.php;
+    }
+
+    # Don't allow direct access to PHP files in the vendor directory.
+    location ~ /vendor/.*\.php$ {
+        deny all;
+        return 404;
+    }
+
+    # Protect files and directories from prying eyes.
+    location ~* \.(engine|inc|install|make|module|profile|po|sh|.*sql|.tar|.gz|.bz2|theme|twig|tpl(\.php)?|xtmpl|yml)(~|\.sw[op]|\.bak|\.orig|\.save)?$|^(\.(?!well-known).*|Entries.*|Repository|Root|Tag|Template|composer\.(json|lock)|web\.config)$|^#.*#$|\.php(~|\.sw[op]|\.bak|\.orig|\.save)$ {
+        deny all;
+        return 404;
+    }
+
+    location ~ '\.php$|^/update.php' {
+        include fastcgi_params;
+
+        fastcgi_buffers 16 32k;
+        fastcgi_buffer_size 64k;
+        fastcgi_busy_buffers_size 64k;
+
+        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
+
+        # Ensure the php file exists. Mitigates CVE-2019-11043
+        try_files $fastcgi_script_name =404;
+
+        fastcgi_param HTTP_PROXY "";
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $fastcgi_path_info;
+        fastcgi_param QUERY_STRING $query_string;
+
+        fastcgi_intercept_errors on;
+        fastcgi_pass ${NGINX_FPM_SERVICE};
+    }
+
+    # Enforce clean URLs
+    #
+    # Removes index.php from urls like www.example.com/index.php/my-page --> www.example.com/my-page
+    # Could be done with 301 for permanent or other redirect codes.
+    if ($request_uri ~* "^(.*/)index\.php/(.*)") {
+        return 307 $1$2;
+    }
+
+    error_log /dev/stderr;
+    access_log /dev/stdout main;
+}
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,19 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
 
+## [4.5.0] - 2024-08-19
+
+* [PR-412](https://github.com/itk-dev/hoeringsportal/pull/412)
+  * Upgrade drupal core 10.2.7 and contrib modules
+  * Disable migrate_subject_data module
+  * Remove deprecated webmozart/path-util package
+* [PR-411](https://github.com/itk-dev/hoeringsportal/pull/411)
+  Fix paragraph spacing
+* [PR-409](https://github.com/itk-dev/hoeringsportal/pull/409)
+  Enabled and configured log_stdout
+* [PR-410](https://github.com/itk-dev/hoeringsportal/pull/410)
+  Added ClamAv module and docker containers to run it
+
 ## [4.4.1] - 2024-08-05
 
 * [PR-413](https://github.com/itk-dev/hoeringsportal/pull/413)
@@ -97,6 +110,11 @@ Versioning](https://semver.org/spec/v2.0.0.html).
 * [PR-376](https://github.com/itk-dev/hoeringsportal/pull/376)
   Added GIS map token
 
+## [3.5.4] -2023-11-10
+
+* [PR-367](https://github.com/itk-dev/hoeringsportal/pull/367)
+  Added and used Editor Advanced link
+
 ## [3.5.3] - 2023-11-08
 
 * [PR-370](https://github.com/itk-dev/hoeringsportal/pull/370)
@@ -217,7 +235,8 @@ Updated drupal core 8.6.16
 
 Initial release
 
-[Unreleased]: https://github.com/itk-dev/hoeringsportal/compare/4.4.1...HEAD
+[Unreleased]: https://github.com/itk-dev/hoeringsportal/compare/4.5.0...HEAD
+[4.5.0]: https://github.com/itk-dev/hoeringsportal/compare/4.4.1...4.5.0
 [4.4.1]: https://github.com/itk-dev/hoeringsportal/compare/4.4.0...4.4.1
 [4.4.0]: https://github.com/itk-dev/hoeringsportal/compare/4.3.0...4.4.0
 [4.3.0]: https://github.com/itk-dev/hoeringsportal/compare/4.2.2...4.3.0

diff --git a/composer.json b/composer.json
@@ -113,6 +113,7 @@
         "drupal/better_social_sharing_buttons": "^4.0",
         "drupal/block_content_suggestions": "^1.0",
         "drupal/captcha": "^2.0",
+        "drupal/clamav": "^2.0",
         "drupal/color_field": "^3.0",
         "drupal/config_ignore": "^3.2",
         "drupal/config_import_locale": "^2.0",
@@ -137,6 +138,7 @@
         "drupal/image_widget_crop": "^2.2",
         "drupal/inline_entity_form": "^3.0",
         "drupal/jquery_ui_accordion": "^2.0",
+        "drupal/log_stdout": "^1.5",
         "drupal/maxlength": "^2.1",
         "drupal/openid_connect": "^3.0@alpha",
         "drupal/paragraphs": "^1.3",
@@ -163,8 +165,7 @@
         "onelogin/php-saml": "^4.0",
         "oomphinc/composer-installers-extender": "^2.0",
         "vlucas/phpdotenv": "^2.4",
-        "webflo/drupal-finder": "^1.0.0",
-        "webmozart/path-util": "^2.3"
+        "webflo/drupal-finder": "^1.0.0"
     },
     "require-dev": {
         "drupal/content_fixtures": "^3.1",
@@ -276,9 +277,6 @@
             },
             "drupal/core": {
                 "Text format wrapper does not take description_display into account (https://www.drupal.org/project/drupal/issues/2421445#comment-14328645)": "https://www.drupal.org/files/issues/2021-12-03/2421445-18_0.patch"
-            },
-            "drupal/publication_date": {
-                "https://www.drupal.org/project/publication_date/issues/3328575": "https://www.drupal.org/files/issues/2023-05-31/3328575-5-fix-bux-publicate-date.patch"
             }
         }
     }