• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In
You are now the owner of this repo.

umputun / remark42
84%

Build:
DEFAULT BRANCH: master
Repo Added 07 Feb 2020 09:18PM UTC
Token eqCnozHBf54UGZ8kokrZbOvkEkhZY23aj regen
Build 1584 Last
Files 50
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

LAST BUILD ON BRANCH master
branch: SELECT
CHANGE BRANCH
x
Sync Branches
  • No branch selected
  • 32/code-colors-styles
  • 965-fix-error-on-restricted-words
  • Ksinia/master
  • add-api-sdk
  • add-cssnano
  • add-module-type
  • add-security-headers
  • admin-edit
  • admin_email_notifications
  • ak/cleanup-comment-form
  • ak/compose-button-styles
  • ak/raw-content-styles
  • ak/update-node
  • akellbl4/editorconfig
  • aliksend/reduce-number-of-symbols-in-tg-message
  • anon-names
  • autofill-email-for-subscription
  • battle-net-oauth2
  • blackfriday
  • bluemonday-bump
  • bump-deps
  • bump_ci_go_version
  • bump_lcw
  • bump_modules
  • bump_tollbooth
  • ci-workflows
  • code-colors
  • code_cleanup
  • commento-import
  • configurable-microsoft-tenant
  • copilot/sub-pr-1995
  • dependabot/github_actions/github-actions-updates-8173ff9682
  • dependabot/go_modules/backend/_example/memory_store/github.com/go-chi/chi/v5-5.2.2
  • dependabot/go_modules/backend/_example/memory_store/golang.org/x/crypto-0.45.0
  • dependabot/go_modules/backend/_example/memory_store/golang.org/x/image-0.5.0
  • dependabot/go_modules/backend/_example/memory_store/golang.org/x/net-0.38.0
  • dependabot/go_modules/backend/_example/memory_store/golang.org/x/net-0.7.0
  • dependabot/go_modules/backend/github.com/golang-jwt/jwt/v5-5.2.2
  • dependabot/go_modules/backend/github.com/redis/go-redis/v9-9.7.3
  • dependabot/go_modules/backend/go-modules-updates-3d96251ff3
  • dependabot/go_modules/backend/go-modules-updates-75c1c3f47e
  • dependabot/go_modules/backend/go-modules-updates-76e35b2467
  • dependabot/go_modules/backend/go-modules-updates-81f599025a
  • dependabot/go_modules/backend/go-modules-updates-e61953c257
  • dependabot/go_modules/backend/go-modules-updates-f692995c50
  • dependabot/go_modules/backend/golang.org/x/crypto-0.45.0
  • dependabot/go_modules/backend/golang.org/x/net-0.36.0
  • dependabot/go_modules/backend/google.golang.org/protobuf-1.33.0
  • dependabot/npm_and_yarn/frontend/apps/remark42/npm-modules-updates-33950cb83c
  • dependabot/npm_and_yarn/frontend/apps/remark42/npm-modules-updates-for-tests-da749204ba
  • dependabot/npm_and_yarn/frontend/e2e/npm-modules-updates-for-tests-32faa27b51
  • dependabot/npm_and_yarn/frontend/packages/api/npm-modules-updates-for-tests-f28c5bd690
  • dependabot/npm_and_yarn/frontend/playwright-1.55.1
  • dependabot/npm_and_yarn/site/braces-3.0.3
  • dependabot/npm_and_yarn/site/ejs-3.1.10
  • dependabot/npm_and_yarn/site/js-yaml-3.14.2
  • dependabot/npm_and_yarn/site/luxon-2.5.2
  • dependabot/npm_and_yarn/site/micromatch-4.0.8
  • dependabot/npm_and_yarn/site/nanoid-3.3.8
  • dependabot/npm_and_yarn/site/node-fetch-3.2.10
  • dependabot/npm_and_yarn/site/npm-modules-updates-for-tests-284cb22f28
  • dependabot/npm_and_yarn/site/npm-modules-updates-for-tests-87ff55c30d
  • dependabot/npm_and_yarn/site/ws-8.17.1
  • deps-bump
  • disqus-empty-username-bug
  • disqus-fix
  • distributed_cache
  • docker-native-arm64-runners
  • docker_bump
  • docs/edit-time-zero-behavior
  • docs/placeholder-1990
  • docs/telegram-group-notifications
  • dverhoturov/docker
  • dverhoturov/docker_ci_build
  • dverhoturov/privatePreview
  • dverhoturov/renew_image_on_load
  • dverhoturov/validate_image_before_post
  • e2e
  • editorconfig-double-quotes-yml
  • email-encode-subject
  • email-from-display-name
  • examples-ci-issue
  • feat/custom-oauth2-provider
  • feature/comment-approval
  • fix-admin-names
  • fix-deprecated-flags
  • fix-iframe-resize
  • fix-img-submit-import-stuck
  • fix-negative-comments-count
  • fix/auth-send-jwt-header
  • fix/frontend-css-cleanup
  • fix/quick-fixes-1946-1991-1996
  • fix/security-ipv6-ssrf
  • fix/writeheader-renderjson-bug-1979
  • fix_error_wrap
  • fix_memory_store_tests_panic
  • fix_unclosed_body
  • frame-ancestors
  • frontend-infrastructure
  • full-text-search
  • generate-telegram-translations
  • github_golangci_lint
  • go-1.14
  • go-1.17
  • go-consistent
  • gocritic
  • golangci-lint-v2-migration
  • harden-deploy-permissions
  • hide-vote-iphash
  • image-rpc
  • image_interface_fixes
  • img_commit_on_start
  • img_fixes
  • img_route_verification
  • img_types
  • jwt-migration
  • lazy-image
  • links-rune
  • listen-address
  • master
  • migrate-to-testing-library
  • mkdocs
  • move-email-templates-to-separate-files
  • move-subscribe-ui-elements
  • named-exports
  • new-auth
  • packages
  • paskal/CWE-918
  • paskal/allow_dash_in_email_siteid
  • paskal/allowed_domains_exact_match
  • paskal/allowed_hosts
  • paskal/apple
  • paskal/apple_bad_key_test
  • paskal/apple_frontend
  • paskal/aud_per_site
  • paskal/auth_fixes
  • paskal/better_info
  • paskal/borderless_qr
  • paskal/bump-ci
  • paskal/bump_actions
  • paskal/bump_auth
  • paskal/bump_chroma
  • paskal/bump_dependencies
  • paskal/bump_go_modules
  • paskal/bump_golangci_lint
  • paskal/bump_mockery
  • paskal/bump_modules
  • paskal/bump_tollbooth
  • paskal/chi_render
  • paskal/clarify_cache_for_frontend
  • paskal/clarify_commands
  • paskal/clarify_docs
  • paskal/clarify_email_notifications
  • paskal/clarify_notifications
  • paskal/clarify_password
  • paskal/clean_stream
  • paskal/clean_title_and_username
  • paskal/cleanup_images_on_delete
  • paskal/close_body
  • paskal/comment_validation
  • paskal/commento_url
  • paskal/comments_pagination
  • paskal/consistent_info
  • paskal/csp
  • paskal/data_race
  • paskal/datastore_info_combine
  • paskal/debug_verify
  • paskal/dependabot
  • paskal/deprecate_twitter
  • paskal/deprecated_notifications
  • paskal/deprecated_params
  • paskal/deprecation_update
  • paskal/dev_provider
  • paskal/disable_md_sanitize
  • paskal/discord_poc
  • paskal/doc_split
  • paskal/docker-compose
  • paskal/docker_labels
  • paskal/docs
  • paskal/docs_from_wiki
  • paskal/duplicate_types
  • paskal/easy_subscription
  • paskal/email
  • paskal/email_login_auth
  • paskal/email_subscription_post
  • paskal/err_fix
  • paskal/find_tests
  • paskal/fix_avatar_types
  • paskal/fix_backup_error
  • paskal/fix_commento_import
  • paskal/fix_docker
  • paskal/fix_double_close
  • paskal/fix_email_templates
  • paskal/fix_golangci_lint
  • paskal/fix_image_proxy
  • paskal/fix_img_src_CSP
  • paskal/fix_links
  • paskal/fix_log
  • paskal/fix_logout
  • paskal/fix_notify_deprecation
  • paskal/fix_refresh_tokens_cache
  • paskal/fix_telegram_auth
  • paskal/fix_telegram_cli
  • paskal/fix_telegram_escape
  • paskal/fix_telegram_format
  • paskal/fix_ticker
  • paskal/fix_timeout
  • paskal/fix_variable
  • paskal/fix_webhook_json
  • paskal/generic_fixes
  • paskal/get_rid_of_dockerhub
  • paskal/go_embed
  • paskal/go_embed_templates
  • paskal/golangci-lint-update
  • paskal/golangci_lint
  • paskal/golangci_lint_v2
  • paskal/golangcilint_bump
  • paskal/image_proxy_blacklist
  • paskal/improve_docker_build
  • paskal/improve_get_user
  • paskal/improve_server_test
  • paskal/improve_telegram_flow
  • paskal/improve_telegram_notify
  • paskal/improve_tests
  • paskal/increase_timeout
  • paskal/jwt_v5
  • paskal/lcw_v2
  • paskal/md_ci
  • paskal/min_comment_size
  • paskal/modules_update
  • paskal/moq
  • paskal/multiple-admin-emails
  • paskal/new_errors
  • paskal/new_telegram_key
  • paskal/no_getstarted
  • paskal/no_mod_vendor
  • paskal/no_path
  • paskal/notifications_rework
  • paskal/notify
  • paskal/notify-drops-tail
  • paskal/notify_drops_test
  • paskal/notify_improvements
  • paskal/notify_migration
  • paskal/optimise_images
  • paskal/pagination_fixes
  • paskal/params
  • paskal/pngcrush
  • paskal/privatePreview
  • paskal/proper_site_id
  • paskal/raw_quotes
  • paskal/readonly_find_test
  • paskal/recursive_email_notifications
  • paskal/remove-deprecated-func
  • paskal/remove_common_shared_secret
  • paskal/remove_deprecated_param
  • paskal/remove_put
  • paskal/renew_cache_on_delete
  • paskal/rpc_panic
  • paskal/secret-clarify
  • paskal/send_jwt_header
  • paskal/simlify_boltdb_info
  • paskal/simplify_admin_emails
  • paskal/simplify_extract_pictures
  • paskal/siteid_dot
  • paskal/small_improvements
  • paskal/telegram-update
  • paskal/telegram_auth
  • paskal/telegram_channel
  • paskal/telegram_notifications
  • paskal/telegram_notify
  • paskal/telegram_notify_clarity
  • paskal/telegram_notify_params
  • paskal/test_user_replies
  • paskal/tests
  • paskal/tests_cleanup
  • paskal/tg_qr
  • paskal/token_instructions
  • paskal/twitter_blockquote_class
  • paskal/typos
  • paskal/update-go-modules
  • paskal/update-gopkgz
  • paskal/update-images
  • paskal/update_discreet_variables
  • paskal/update_doc
  • paskal/update_dockerfiles
  • paskal/update_go
  • paskal/update_modules
  • paskal/user_detail_telegram
  • patch-1
  • patch-2
  • patreon-auth
  • pkgs-rename
  • postmessage-to-child
  • proxy_image_commit
  • proxy_images
  • refactor-before-search
  • refs/tags/backend/v1.10.0
  • refs/tags/backend/v1.11.0
  • refs/tags/backend/v1.11.2
  • refs/tags/backend/v1.11.3
  • refs/tags/backend/v1.12.0
  • refs/tags/backend/v1.13.0
  • refs/tags/backend/v1.13.1
  • refs/tags/backend/v1.14.0
  • refs/tags/backend/v1.6.0
  • refs/tags/backend/v1.6.1
  • refs/tags/backend/v1.7.0
  • refs/tags/backend/v1.7.1
  • refs/tags/backend/v1.8.1
  • refs/tags/backend/v1.9.0
  • refs/tags/backend/v1/11/3
  • refs/tags/v.1.9.0
  • refs/tags/v1.10.0
  • refs/tags/v1.10.1
  • refs/tags/v1.11.0
  • refs/tags/v1.11.1
  • refs/tags/v1.11.2
  • refs/tags/v1.11.3
  • refs/tags/v1.12.0
  • refs/tags/v1.12.1
  • refs/tags/v1.13.0
  • refs/tags/v1.13.1
  • refs/tags/v1.14.0
  • refs/tags/v1.15.0
  • refs/tags/v1.30.0
  • refs/tags/v1.6.0
  • refs/tags/v1.6.1
  • refs/tags/v1.7.0
  • refs/tags/v1.7.1
  • refs/tags/v1.8.0
  • refs/tags/v1.8.1
  • refs/tags/v1.9.0
  • refs/tags/v1.9.1
  • refs/tags/v1.9.2
  • remark42-pr-fix-quotedprintable-buff-flush
  • remark42-pr-fix-smtp-newclient
  • remove-redundant-frame-ancestors-log
  • remove_golangci_conf
  • remove_unused_cache
  • same-site
  • sameip-correction-vote-728
  • sanitize-hotfix-1.6
  • sanitize-loactor
  • simplify_img_storage
  • site
  • site_email_notifications
  • small-improvements
  • switch-to-pnpm
  • switch_to_lcw
  • termination_fix
  • tests_fixes
  • tests_golangci_lint
  • unsinitize
  • upd-backend-deps
  • update-comments
  • update-docs-1.7
  • update-go-version
  • update-repeater-v2
  • use-packages
  • user-comments-empy-200
  • user-info
  • valid-email-auth
  • webhook-notify
  • workspaces

28 Feb 2026 10:13AM UTC coverage: 84.394% (-0.04%) from 84.437%
22518735198

push

github

umputun
fix: IPv6 address truncation and image proxy SSRF vulnerabilities

Replace strings.Split(RemoteAddr, ":") with net.SplitHostPort for correct
IPv6 address extraction in vote deduplication and comment IP tracking.

Harden image proxy: add SSRF-safe transport blocking private/reserved IPs
at connection time with DNS rebinding protection, sanitize error messages
to prevent information leakage, add response size limit via io.LimitReader.

Fix shadowed error variables in BlockedUsers, SetTitle, and Delete methods.
Exclude gosec taint analysis false positives at linter config level.

71 of 96 new or added lines in 7 files covered. (73.96%)

6165 of 7305 relevant lines covered (84.39%)

34.72 hits per line

Relevant lines Covered
Build:
Build:
7305 RELEVANT LINES 6165 COVERED LINES
34.72 HITS PER LINE
Source Files on master
  • Tree
  • List 50
  • Changed 3
  • Source Changed 0
  • Coverage Changed 3
Coverage ∆ File Lines Relevant Covered Missed Hits/Line

Recent builds

Builds Branch Commit Type Ran Committer Via Coverage
22518735198 master fix: IPv6 address truncation and image proxy SSRF vulnerabilities Replace strings.Split(RemoteAddr, ":") with net.SplitHostPort for correct IPv6 address extraction in vote deduplication and comment IP tracking. Harden image proxy: add SSRF-safe ... push 28 Feb 2026 10:16AM UTC umputun github
84.39
22518679443 fix/security-ipv6-ssrf fix: IPv6 address truncation and image proxy SSRF vulnerabilities Replace strings.Split(RemoteAddr, ":") with net.SplitHostPort for correct IPv6 address extraction in vote deduplication and comment IP tracking. Harden image proxy: add SSRF-safe ... Pull #2016 28 Feb 2026 10:12AM UTC umputun github
84.39
22319900634 fix/frontend-css-cleanup frontend: fix CSS bugs and replace deprecated properties Bugs fixed: - comment-votes.module.css: add missing comma between transition values; without it the shorthand was invalid and colour transitions on vote buttons were silently ignored ... Pull #2012 23 Feb 2026 07:17PM UTC paskal github
84.44
22288132772 master Document EDIT_TIME=0 behavior in parameters Setting edit-time to 0 disables both comment editing and staged image cleanup. push 22 Feb 2026 11:56PM UTC umputun github
84.44
22287472733 docs/edit-time-zero-behavior Document EDIT_TIME=0 behavior in parameters Setting edit-time to 0 disables both comment editing and staged image cleanup. Pull #2010 22 Feb 2026 11:15PM UTC paskal github
84.44
22285184019 docs/placeholder-1990 docs: document placeholder support in the remark42 div (#1990) Clarify that any content placed inside the `<div id="remark42">` is automatically removed once the iframe signals it has initialised. Update all code examples across getting-started, ... Pull #2009 22 Feb 2026 08:58PM UTC paskal github
84.44
22036885120 feat/custom-oauth2-provider feat: add configurable custom OAuth2 provider and icons Pull #2006 22 Feb 2026 08:54PM UTC alexma233 github
84.08
22268682587 master Add X-Content-Type-Options and Referrer-Policy security headers Add two missing security headers to the existing securityHeadersMiddleware: - X-Content-Type-Options: nosniff — prevents browsers from MIME-sniffing responses away from the declar... push 22 Feb 2026 02:17AM UTC umputun github
84.44
22267151693 add-security-headers Add X-Content-Type-Options and Referrer-Policy security headers Add two missing security headers to the existing securityHeadersMiddleware: - X-Content-Type-Options: nosniff — prevents browsers from MIME-sniffing responses away from the declar... Pull #2008 22 Feb 2026 12:25AM UTC paskal github
84.41
22266556249 harden-deploy-permissions Drop GitHub token permissions on deploy jobs Deploy jobs only curl an external updater URL and need no GitHub API access. Without an explicit permissions block they inherit the workflow default, which may include contents:write, packages:write, e... Pull #2007 21 Feb 2026 11:41PM UTC paskal github
84.43
See All Builds (1549)
  • Settings
  • Repo on GitHub
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc