CVE-2023-27160: GitHub - forem/forem: For empowering community 🌱
forem up to v2022.11.11 was discovered to contain a Server-Side Request Forgery (SSRF) via the component /articles/{id}. This vulnerability allows attackers to access network resources and sensitive information via a crafted POST request.
Forem 🌱
For Empowering Community
Welcome to the Forem codebase, the platform that powers dev.to. We are so excited to have you. With your help, we can build out Forem’s usability, scalability, and stability to better serve our communities.
What is Forem?
Forem is open source software for building communities. Communities for your peers, customers, fanbases, families, friends, and any other time and space where people need to come together to be part of a collective. See our announcement post for a high-level overview of what Forem is.
dev.to (or just DEV) is hosted by Forem. It is a community of software developers who write articles, take part in discussions, and build their professional profiles. We value supportive and constructive dialogue in the pursuit of great code and career growth for all members. The ecosystem spans from beginner to advanced developers, and all are welcome to find their place within our community. ❤️
Community
For a place to have open discussions on features, voice your ideas, or get help with general questions, please visit our community at forem.dev.
Contributing
We encourage you to contribute to Forem! Please check out the Contributing to Forem guide for guidelines about how to proceed.
Getting Started
This section provides a high-level quick start guide. If you’re looking for a more thorough installation guide (for example with macOS), you’ll want to refer to our complete Developer Documentation.
We run on a Rails backend, and we are currently transitioning to a Preact-first frontend.
A more complete overview of our stack is available in our docs.
To launch Forem in Gitpod, navigate to https://gitpod.io/#https://github.com/{your_github_username}/forem.
Prerequisites
Local
- Ruby: we recommend using rbenv to install the Ruby version listed on the badge.
- Yarn 1.x: please refer to their installation guide.
- PostgreSQL 11 or higher.
- ImageMagick: please refer to ImageMagick’s installation instructions.
- Redis 4 or higher.
Containers
Linux
- Podman 1.9.2 or higher
- Podman Compose 0.1.5 or higher
OS X
- Docker Desktop for Mac
Installation Documentation
Please see our installation guides, such as the one for macOS.
Developer Documentation
Check out our dedicated docs page for more technical documentation.
Core team
- @benhalpern
- @jessleenyc
- @peterkimfrank
- @maestromac
- @lightalloy
- @ridhwana
- @rt4914
- @jaw6
- @lboogie2004
- @klardotsh
Vulnerability disclosure
Forem is the open source software which powers DEV.
We welcome security research on DEV under the terms of our vulnerability disclosure policy.
Acknowledgements
Thank you to the Twemoji project for the usage of their emojis.
License
This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. Please see the LICENSE file in our repository for the full text.
Like many open source projects, we require that contributors provide us with a Contributor License Agreement (CLA). By submitting code to the Forem project, you are granting us a right to use that code under the terms of the CLA.
Our version of the CLA was adapted from the Microsoft Contributor License Agreement, which they generously made available to the public domain under Creative Commons CC0 1.0 Universal.
If you have any questions, please refer to our license FAQ doc or email [email protected].
Happy Coding ❤️