1 change: 0 additions & 1 deletion package-lock.json

234 changes: 175 additions & 59 deletions src/sections/Community/Handbook/security-vulnerabilities.js
Expand Up @@ -23,41 +23,56 @@ const SecurityVulnerabilitiesPage = () => {
<div className="page-section">
<Container>
<div className="content">
<h2 className="heading-top">Reporting a vulnerability</h2><br />
<p>We are very grateful to the security researchers and users that report security vulnerabilities. We investigate each report thoroughly.</p>
<p>To make a report, send an email to the private <a href="mailto:[email protected]">[email protected]</a> mailing list with the vulnerability details. For normal product bugs unrelated to latent security vulnerabilities, please head to the appropriate repository and submit a <a href="https://github.com/layer5io/layer5/issues/new/choose">new issue</a> .</p>
<h2 className="heading-top">Reporting a vulnerability</h2>
<br />
<p>
We are very grateful to the security researchers and users that
report security vulnerabilities. We investigate each report
thoroughly.
</p>
<p>
To make a report, send an email to the private{" "}
<a href="mailto:[email protected]">
[email protected]
</a>{" "}
mailing list with the vulnerability details. For normal product
bugs unrelated to latent security vulnerabilities, please head to
the appropriate repository and submit a{" "}
<a href="https://github.com/layer5io/layer5/issues/new/choose">
new issue
</a>
.
</p>
<p>Note that the Layer5 community spans six GitHub organizations:</p>

<ul className="project-org-list">
<li>
<a href="https://github.com/layer5io">
<img
src={layer5icon}
alt="layer5 icon"
/>
<img src={layer5icon} alt="layer5 icon" />
&nbsp; Layer5
</a>
- established projects like GetNighthawk, community with MeshMates, a catch-all org.
</a>{" "}
- established projects like GetNighthawk, community with
MeshMates, a catch-all org.
</li>

<li>
<a href="https://github.com/meshery">
<img
src={meshery}
alt="meshery icon"
/>
<img src={meshery} alt="meshery icon" />
&nbsp; Meshery
</a>
- Meshery and its components Meshery Operator
</a>{" "}
- Meshery and its components Meshery Operator
<img
src={MesheryOperator}
alt="Meshery Operator logo"
style={{ marginLeft: ".3rem" }}
/> and MeshSync
/>{" "}
and MeshSync
<img
src={MeshSync}
alt="mesh sync icon"
style={{ marginLeft: ".3rem" }}
/>.
/>
.
</li>

<li>
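Review bot: the `{" "}` added after each closing `</a>` (for example `</a>{" "}` before `- established projects like GetNighthawk`) is the one behavioural change hidden in this otherwise formatting-only hunk: JSX drops whitespace that spans a line break, so the previous layout rendered the link text and the "- " description with no space between them. Call that out in the commit message so it is not dismissed as pure prettier output. The `<br />` kept on its own line after `<h2 className="heading-top">` is spacing markup in content; the gap belongs in the `.heading-top` rule in CSS.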
Expand All @@ -67,52 +82,68 @@ const SecurityVulnerabilitiesPage = () => {
alt="cloud native performance logo"
/>
&nbsp; Cloud Native Performance
</a>
- Cloud Native Performance specification and site.
</a>{" "}
- Cloud Native Performance specification and site.
</li>

<li>
<a href="https://github.com/service-mesh-patterns">
<img
src={servicemeshpattern}
alt="cloud native patterns logo"
/>
&nbsp; Cloud Native Patterns
</a>
- a collection of curated patterns of cloud native use cases compatible with Meshery.
</a>{" "}
- a collection of curated patterns of cloud native use cases
compatible with Meshery.
</li>

<li>
<a href="https://github.com/layer5labs">
<img
src={layer5icon}
alt="Layer5 logo"
/>
<img src={layer5icon} alt="Layer5 logo" />
&nbsp; Layer5 Labs
</a>
- emerging projects and Meshery extensions, like
</a>{" "}
- emerging projects and Meshery extensions, like
<img
src={Kanvas}
alt="Kanvas logo"
style={{ marginLeft: ".3rem" }}
/>Kanvas.
/>
Kanvas.
</li>

<li>
<a href="https://github.com/meshery-extensions">
<img
src={mesheryextension}
alt="meshery extension icon"
/>
&nbsp; Meshery Extensions
</a>
- plugins or add-ons providing extra functionalities that can be used to customize, extend and integrate with other tools and services.
</a>{" "}
- plugins or add-ons providing extra functionalities that can be
used to customize, extend and integrate with other tools and
services.
</li>
</ul>
<p>You can find the list of all the Layer5 project repositories <a href="https://layer5.io/community/handbook/repository-overview">here</a></p>

<p>
You can find the list of all the Layer5 project repositories{" "}
<a href="https://layer5.io/community/handbook/repository-overview">
here
</a>
</p>

<h3>When to report a security vulnerability?</h3>
<p>Send us a report whenever you:</p>
<ul>
<li>Think Layer5 projects have a potential security vulnerability.</li>
<li>Are unsure whether or how a vulnerability affects the project.</li>
<li>Think a vulnerability is present in another project that Layer5 projects depends on (Docker for example).</li>
<li>
Are unsure whether or how a vulnerability affects the project.
</li>
<li>
Think a vulnerability is present in another project that Layer5
projects depends on (Docker for example).
</li>
</ul>

<h3>When not to report a security vulnerability?</h3>
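Review bot: since the list items are being rewrapped anyway, fix the subject-verb agreement in `Think a vulnerability is present in another project that Layer5 projects depends on (Docker for example).` (should be `depend on`). The sentence `You can find the list of all the Layer5 project repositories here` also lacks a full stop after the closing `</a>`, and `here` as link text is poor for screen readers; something like `the repository overview` as the anchor text reads better.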
Expand All @@ -122,67 +153,152 @@ const SecurityVulnerabilitiesPage = () => {
<li>You need help applying security related updates.</li>
<li>Your issue is not security related.</li>
</ul>
<p>Instead, join the community <a href="https://slack.layer5.io/">Slack</a> and ask questions.</p>
<p>
Instead, join the community{" "}
<a href="https://slack.layer5.io/">Slack</a> and ask questions.
</p>

<h3>Evaluation</h3>
<p>The Layer5 team acknowledges and analyzes each vulnerability report within 10 working days.</p>
<p>
The Layer5 team acknowledges and analyzes each vulnerability
report within 10 working days.
</p>

<p>Any vulnerability information you share with the Layer5 team stays within the respective Layer5 project. We don’t disseminate the information to other projects. We only share the information as needed to fix the issue.</p>
<p>
Any vulnerability information you share with the Layer5 team stays
within the respective Layer5 project. We don’t disseminate the
information to other projects. We only share the information as
needed to fix the issue.
</p>

<p>We keep the reporter updated as the status of the security issue is addressed.</p>
<p>
We keep the reporter updated as the status of the security issue
is addressed.
</p>

<h3>Fixing the issue</h3>
<p>Once a security vulnerability has been fully characterized, a fix is developed by the Layer5 team. The development and testing for the fix happens in a private GitHub repository in order to prevent premature disclosure of the vulnerability.</p>
<p>
Once a security vulnerability has been fully characterized, a fix
is developed by the Layer5 team. The development and testing for
the fix happens in a private GitHub repository in order to prevent
premature disclosure of the vulnerability.
</p>

<h3>Early disclosures</h3>
<p>The Layer5 project maintains a mailing list for private early disclosure of security vulnerabilities. The list is used to provide actionable information to close Layer5 partners. The list is not intended for individuals to find out about security issues.</p>
<p>
The Layer5 project maintains a mailing list for private early
disclosure of security vulnerabilities. The list is used to
provide actionable information to close Layer5 partners. The list
is not intended for individuals to find out about security issues.
</p>

<h3>Public disclosures</h3>
<p>On the day chosen for public disclosure, a sequence of activities takes place as quickly as possible:</p>
<p>
On the day chosen for public disclosure, a sequence of activities
takes place as quickly as possible:
</p>
<ul>
<li>Changes are merged from the private GitHub repository holding the fix into the appropriate set of public branches.</li>
<li>Layer5 team ensures all necessary binaries are promptly built and published.</li>
<li>Once the binaries are available, an announcement is sent out on the following channels:
<li>
Changes are merged from the private GitHub repository holding
the fix into the appropriate set of public branches.
</li>
<li>
Layer5 team ensures all necessary binaries are promptly built
and published.
</li>
<li>
Once the binaries are available, an announcement is sent out on
the following channels:
<ul>
<li>The <a href="https://layer5.io/blog">Layer5 blog</a></li>
<li>The <a href="https://twitter.com/layer5">Layer5 Twitter feed</a></li>
<li>The <a href="https://layer5io.slack.com/archives/CSF3PSZT9">#announcements</a> channel on community <a href="https://slack.layer5.io/">Slack</a></li>
<li>
The{" "}
<a href="https://layer5.io/blog">Layer5 blog</a>
</li>
<li>
The{" "}
<a href="https://twitter.com/layer5">Layer5 Twitter feed</a>
</li>
<li>
The{" "}
<a href="https://layer5io.slack.com/archives/CSF3PSZT9">
#announcements
</a>{" "}
channel on community{" "}
<a href="https://slack.layer5.io/">Slack</a>
</li>
</ul>
</li>
</ul>
<p>As much as possible this announcement will be actionable, and include any mitigating steps customers can take prior to upgrading to a fixed version.</p>
<p>
As much as possible this announcement will be actionable, and
include any mitigating steps customers can take prior to upgrading
to a fixed version.
</p>

<h2>List of Announced Vulnerabilities:</h2>

<div className="table-container">
<table>
<thead>
<tr>
<th><b>DATE ANNOUNCED</b></th>
<th><b>CVE ID</b></th>
<th><b>DESCRIPTION</b></th>
<th><b>AFFECTED COMPONENT</b></th>
<th><b>VULNERABLE VERSION</b></th>
<th><b>PATCHED VERSION</b></th>
<th><b>FIX DETAILS</b></th>
<th><b>LINKS</b></th>
<th>
<b>DATE ANNOUNCED</b>
</th>
<th>
<b>CVE ID</b>
</th>
<th>
<b>DESCRIPTION</b>
</th>
<th>
<b>AFFECTED COMPONENT</b>
</th>
<th>
<b>VULNERABLE VERSION</b>
</th>
<th>
<b>PATCHED VERSION</b>
</th>
<th>
<b>FIX DETAILS</b>
</th>
<th>
<b>LINKS</b>
</th>
</tr>
</thead>
<tbody>
<tr>
<td>2021-04-28</td>
<td>CVE-2021-31856</td>
<td>A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in GetMesheryPatterns in models/meshery_pattern_persister.go).</td>
<td>
A SQL Injection vulnerability in the REST API in Layer5
Meshery 0.5.2 allows an attacker to execute arbitrary SQL
commands via the /experimental/patternfiles endpoint
(order parameter in GetMesheryPatterns in
models/meshery_pattern_persister.go).
</td>
<td>REST API</td>
<td>v0.5.2</td>
<td>v0.5.3</td>
<td><a href="https://github.com/layer5io/meshery/pull/2745">fix pull</a></td>
<td><a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31856">mitre</a>, <a href="https://github.com/ssst0n3/CVE-2021-31856">details</a></td>
<td>
<a href="https://github.com/layer5io/meshery/pull/2745">
fix pull
</a>
</td>
<td>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31856">
mitre
</a>
,{" "}
<a href="https://github.com/ssst0n3/CVE-2021-31856">
details
</a>
</td>
</tr>
</tbody>
</table>
</div>

</div>
</Container>
</div>
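Review bot: `Layer5 team ensures all necessary binaries are promptly built and published.` in the public-disclosure list is missing its article; since the line is rewrapped here, make it `The Layer5 team ensures ...`. The `<b>` wrapped inside every `<th>` of the announced-vulnerabilities table is redundant (header cells render bold by default), and the all-caps labels such as `DATE ANNOUNCED` are better produced with `text-transform` in CSS than typed into the source, which keeps the JSX of this hand-maintained table shorter as rows are added.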
3 changes: 2 additions & 1 deletion src/sections/Community/Web-based-from/index.js
Expand Up @@ -29,8 +29,9 @@ const validatePictureUrl = (value) => {
new URL(value);
const allowedImageExtensions = ["jpg", "jpeg", "png", "webp", "svg", "gif"];
const extension = value.split(".").pop().toLowerCase();

if (!allowedImageExtensions.includes(extension)) {
error = "URL must point to an image file (jpg, jpeg, png, svg, webp or gif).";
return "URL must point to an image file (jpg, jpeg, png, svg, webp or gif).";
}
} catch (err) {
console.error("Error in validatePictureUrl:", err);
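Review bot: changing `error = "URL must point to an image file ..."` to `return "URL must point to an image file ..."` fixes a real defect (the message was assigned but the function carried on), but the check itself runs on the wrong string: `value.split(".").pop()` is applied to the whole URL, so a valid image URL with a query string such as `https://example.com/avatar.png?v=2` is rejected because the last dot-separated piece is `png?v=2`, while the `URL` object from `new URL(value)` is discarded. Keep the parsed object and take the extension from its path, e.g. `const url = new URL(value); const extension = url.pathname.split(".").pop().toLowerCase();`. The visible part of the `catch` branch only logs the error; make sure that path also returns a validation message, otherwise a value that fails to parse as a URL passes validation silently now that the success path returns early.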