11 Commits

Author SHA1 Message Date
copilot-swe-agent[bot]
860a7689c5 Add URL scheme validation to prevent command injection via Process.Start
- HelpMenu.cs: Add https/http scheme validation to OpenUrl() to prevent
  custom URI scheme exploitation
- UpdateWindow.cs: Add scheme validation alongside existing IsFile/IsUnc/IsLoopback
  checks to only allow http/https URLs
- ProgramRoot.cs: Add https:// prefix validation for network-fetched downloadUrl
  before passing to Process.Start with UseShellExecute=true

Co-authored-by: Kvarkas <3611964+Kvarkas@users.noreply.github.com>
2026-02-25 17:36:46 +00:00
copilot-swe-agent[bot]
b65686823c Initial plan 2026-02-25 17:29:05 +00:00
Dimitrij
43735b1d04 Merge pull request #3169 from mRemoteNG/renovate/vstest-monorepo
Update dependency Microsoft.NET.Test.Sdk to 18.3.0
2026-02-24 17:25:53 +00:00
renovate[bot]
002f6cb290 Update dependency Microsoft.NET.Test.Sdk to 18.3.0 2026-02-24 13:30:48 +00:00
Dimitrij
92c617d442 Merge pull request #3168 from mRemoteNG/renovate/aws-sdk-net-monorepo
Update aws-sdk-net monorepo
2026-02-24 10:20:28 +00:00
renovate[bot]
764b96f864 Update aws-sdk-net monorepo 2026-02-23 21:57:17 +00:00
Dimitrij
e30a8ad3f0 Merge pull request #3164 from mRemoteNG/renovate/chromiumembeddedframework.runtime.win-arm64-145.x
Update dependency chromiumembeddedframework.runtime.win-arm64 to v145
2026-02-22 16:26:38 +00:00
Dimitrij
1e85969e3a Merge pull request #3165 from mRemoteNG/renovate/chromiumembeddedframework.runtime.win-x64-145.x
Update dependency chromiumembeddedframework.runtime.win-x64 to v145
2026-02-22 16:26:24 +00:00
renovate[bot]
1a47bba982 Update dependency chromiumembeddedframework.runtime.win-x64 to v145 2026-02-22 16:24:37 +00:00
renovate[bot]
1cc5f05bf5 Update dependency chromiumembeddedframework.runtime.win-arm64 to v145 2026-02-22 16:24:32 +00:00
Dimitrij
7e0277f85d Update GitHub regex to exclude user-attachments
allow attachments
2026-02-22 16:24:08 +00:00
6 changed files with 21 additions and 7 deletions

@@ -20,7 +20,7 @@ jobs:
with:
script: |
const githubRepoRegex =
/\[[^\]]*\]\(https?:\/\/github\.com\/[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+[^\s)]*\)|https?:\/\/github\.com\/[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+[^\s)]*/gi;
/\[[^\]]*\]\((?!https?:\/\/github\.com\/user-attachments\/assets\/)[^\)]*https?:\/\/github\.com\/(?!user-attachments\/assets\/)[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+[^\s)]*\)|https?:\/\/github\.com\/(?!user-attachments\/assets\/)[A-Za-z0-9_.-]+\/[A-Za-z0-9_.-]+[^\s)]*/gi;
// CASE 1: Comment
if (context.payload.comment) {
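Review bot: The markdown-link branch of the new `githubRepoRegex` now has `[^\)]*` between `\(` and `https?:\/\/github\.com\/`, so it matches any link whose target merely contains a github.com repository URL further along (in a query string, for instance), not only links that point at one; the leading lookahead inspects just the start of the target. If that widening is not intended, drop the `[^\)]*` and keep only the lookahead that follows `github\.com\/`. The pattern is also long enough to deserve a comment above it, for example `// Matches markdown links and bare URLs to github.com repositories; user-attachments/assets uploads are exempt.` The script continues outside the hunk, so how a match is acted on is not visible here.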

@@ -5,8 +5,8 @@
<NoWarn>$(NoWarn);NU1507;NU1701</NoWarn>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="AWSSDK.Core" Version="4.0.3.14" />
<PackageVersion Include="AWSSDK.EC2" Version="4.0.76" />
<PackageVersion Include="AWSSDK.Core" Version="4.0.3.15" />
<PackageVersion Include="AWSSDK.EC2" Version="4.0.76.1" />
<PackageVersion Include="BouncyCastle.Cryptography" Version="2.6.2" />
<PackageVersion Include="Castle.Core" Version="5.2.1" />
<PackageVersion Include="ConsoleControl" Version="1.3.0" />
@@ -25,7 +25,7 @@
<PackageVersion Include="Microsoft.Data.SqlClient.SNI.runtime" Version="6.0.2" />
<PackageVersion Include="Microsoft.Extensions.DependencyModel" Version="10.0.3" />
<PackageVersion Include="Microsoft.Extensions.Configuration.UserSecrets" Version="10.0.3" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="18.3.0" />
<PackageVersion Include="Microsoft.NETCore.Platforms" Version="7.0.4" />
<PackageVersion Include="Microsoft.NETCore.Targets" Version="5.0.0" />
<PackageVersion Include="Microsoft.VisualStudio.TextTemplating.VSHost" Version="17.14.40265" />

@@ -64,7 +64,9 @@ namespace mRemoteNG.App
{
try
{
Process.Start(new ProcessStartInfo(fileName: downloadUrl) { UseShellExecute = true });
if (!string.IsNullOrEmpty(downloadUrl) &&
downloadUrl.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
Process.Start(new ProcessStartInfo(fileName: downloadUrl) { UseShellExecute = true });
}
catch (Exception ex)
{
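Review bot: The new guard around `Process.Start` is a string-prefix test, so the value handed to the shell is still the raw network-fetched string rather than a parsed URL, and a rejected `downloadUrl` is dropped without any trace. Parsing first keeps the check and the launched value in step: `if (Uri.TryCreate(downloadUrl, UriKind.Absolute, out Uri parsed) && parsed.Scheme == Uri.UriSchemeHttps)` followed by `Process.Start(new ProcessStartInfo(fileName: parsed.AbsoluteUri) { UseShellExecute = true });`, with braces around the body and an `else` that records the rejection in whatever way the `catch` below reports failures (its body is outside the hunk). The `OpenUrl` hunk in the `mRemoteNG.UI.Menu` namespace uses the same `StartsWith` pattern and would benefit from the same parse-then-check form, ideally through one shared helper so the three call sites in this commit cannot drift apart. The enclosing method starts and ends outside the hunk.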

@@ -204,6 +204,11 @@ namespace mRemoteNG.UI.Menu
private static void OpenUrl(string url)
{
if (string.IsNullOrWhiteSpace(url) ||
(!url.StartsWith("https://", StringComparison.OrdinalIgnoreCase) &&
!url.StartsWith("http://", StringComparison.OrdinalIgnoreCase)))
return;
var startInfo = new ProcessStartInfo
{
FileName = url,

@@ -99,6 +99,13 @@ namespace mRemoteNG.UI.Window
return;
}
// Only allow http/https URLs to prevent exploitation via custom URI schemes
if (!linkUri.Scheme.Equals("https", StringComparison.OrdinalIgnoreCase) &&
!linkUri.Scheme.Equals("http", StringComparison.OrdinalIgnoreCase))
{
return;
}
var startInfo = new ProcessStartInfo
{
FileName = linkUri.ToString(),
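Review bot: After the new scheme check, the hunk still launches `linkUri.ToString()`, which returns the unescaped display form of the URI rather than its canonical escaped string; `FileName = linkUri.AbsoluteUri,` hands the shell the escaped form. The comparison could also use the framework constants, `linkUri.Scheme != Uri.UriSchemeHttps && linkUri.Scheme != Uri.UriSchemeHttp`, since `Uri.Scheme` is already lower-cased. This window accepts plain `http` while the `downloadUrl` hunk in the `mRemoteNG.App` namespace requires `https`; if the links opened here can come from network-fetched update information, it is worth deciding whether `http` should be allowed at all. The object initializer and the enclosing method continue outside the hunk.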

@@ -553,10 +553,10 @@
</EmbeddedResource>
</ItemGroup>
<ItemGroup>
<PackageReference Update="chromiumembeddedframework.runtime.win-x64" Version="144.0.12" />
<PackageReference Update="chromiumembeddedframework.runtime.win-x64" Version="145.0.26" />
</ItemGroup>
<ItemGroup Condition="'$(Platform)'=='arm64'">
<PackageReference Update="chromiumembeddedframework.runtime.win-arm64" Version="144.0.12" />
<PackageReference Update="chromiumembeddedframework.runtime.win-arm64" Version="145.0.26" />
</ItemGroup>
<ItemGroup>
<Service Include="{508349b6-6b84-4df5-91f0-309beebad82d}" />