From 1d00e18583c0d481d506cbd96f8e8f5a24df7d29 Mon Sep 17 00:00:00 2001
From: dashevchenko
Date: Mon, 15 May 2023 17:50:08 +0300
Subject: [PATCH 1/5] added security.md
---
security.md | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 security.md
diff --git a/security.md b/security.md
new file mode 100644
index 0000000000..2f4658997f
--- /dev/null
+++ b/security.md
@@ -0,0 +1,19 @@
+# Security Policy
+
+## Reporting a Vulnerability
+
+Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Thingsbpard privately,
+to minimize attacks against current users of Thingsboard before they are fixed. Vulnerabilities will be investigated and release as soon as possible.
+
+To report a vulnerability or a security-related issue, please email the private address security@thingsboard.io with the details of the vulnerability.
+Emails will be addressed within 3 business days, including a detailed plan to investigate the issue and any potential workarounds to perform in the meantime.
+Do not report non-security-impacting bugs through this channel. Use GitHub issues instead.
+
+**Proposed Email Content**
+Provide a descriptive subject line and in the body of the email include the following information:
+
+Basic identity information, such as your name and your affiliation or company.
+Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us).
+Description of the effects of the vulnerability on Thingsboard and the related hardware and software configurations, so that the Thingsboarf Security Team can reproduce it.
+How the vulnerability affects Thingsboard usage and an estimation of the attack surface, if there is one.
+List other projects or dependencies that were used in conjunction with Thingsboard to produce the vulnerability.
\ No newline at end of file
From 0ffafeb4734305f807d33a5d172fcf9c3238fc3b Mon Sep 17 00:00:00 2001
From: dashevchenko
Date: Mon, 15 May 2023 17:59:04 +0300
Subject: [PATCH 2/5] updated security.md
---
security.md | 8 +++-----
1 file changed, 3 insertions(+), 5 deletions(-)
diff --git a/security.md b/security.md
index 2f4658997f..02ceedff96 100644
--- a/security.md
+++ b/security.md
@@ -12,8 +12,6 @@ Do not report non-security-impacting bugs through this channel. Use GitHub issue
 **Proposed Email Content**
 Provide a descriptive subject line and in the body of the email include the following information:
-Basic identity information, such as your name and your affiliation or company.
-Detailed steps to reproduce the vulnerability (POC scripts, screenshots, and compressed packet captures are all helpful to us).
-Description of the effects of the vulnerability on Thingsboard and the related hardware and software configurations, so that the Thingsboarf Security Team can reproduce it.
-How the vulnerability affects Thingsboard usage and an estimation of the attack surface, if there is one.
-List other projects or dependencies that were used in conjunction with Thingsboard to produce the vulnerability.
\ No newline at end of file
+- Basic identity information, such as your name and your affiliation or company.
+- Detailed steps to reproduce the vulnerability (log errors, screenshots are all helpful to us).
+- Description of the effects of the vulnerability on Thingsboard.
\ No newline at end of file
From 5f515c89059916e52ccf5bd0d2a0eb0f6aacbf86 Mon Sep 17 00:00:00 2001
From: nickAS21
Date: Tue, 16 May 2023 14:40:49 +0300
Subject: [PATCH 3/5] tbel: ffix bug, Incorrect validation syntax with null field property
---
.../app/shared/models/ace/tbel/worker-tbel.js | 24 +++++++++++++++++++
1 file changed, 24 insertions(+)
diff --git a/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js b/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js
index c309eb38aa..bc22e806c3 100644
--- a/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js
+++ b/ui-ngx/src/app/shared/models/ace/tbel/worker-tbel.js
@@ -5026,6 +5026,21 @@ var JSHINT = (function() {
 return that;
 }, 20);
 }
+ function nullSafeProperty(s) {
+ console.log("test " + s);
+ symbol(s, 20).exps = true;
+ return infix(s, function(context, left, that) {
+ if (state.option.bitwise) {
+ warning("W016", that, that.id);
+ }
+
+ checkLeftSideAssign(context, left, that);
+
+ that.right = expression(context, 10);
+
+ return that;
+ }, 20);
+ }
 function suffix(s) {
 var x = symbol(s, 150);
@@ -5539,6 +5554,9 @@ var JSHINT = (function() {
 bitwiseassignop("<<=");
 bitwiseassignop(">>=");
 bitwiseassignop(">>>=");
+
+ nullSafeProperty(".?");
+
 infix(",", function(context, left, that) {
 if (state.option.nocomma) {
 warning("W127", that);
@@ -9450,6 +9468,12 @@ Lexer.prototype = {
 switch (ch1) {
 case ".":
+ if (ch1 === "." && this.peek(1) === "?") {
+ return {
+ type: Token.Punctuator,
+ value: ".?"
+ };
+ }
 if ((/^[0-9]$/).test(this.peek(1))) {
 return null;
 }
From 61b4614ea7ec2ec7bc69d4536efd31ea412e525c Mon Sep 17 00:00:00 2001
From: dashevchenko
Date: Tue, 16 May 2023 17:33:26 +0300
Subject: [PATCH 4/5] fixed typo
---
security.md | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security.md b/security.md
index 02ceedff96..9f917e5f00 100644
--- a/security.md
+++ b/security.md
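Review bot: The new nullSafeProperty helper still contains `console.log("test " + s);`, a debug trace that fires every time the `.?` symbol is registered in the lint worker; drop that line before merging. The rest of the body appears to be a verbatim copy of the helper just above it that registers bitwise assignment operators: it emits W016 under `state.option.bitwise` and calls `checkLeftSideAssign(context, left, that)`, so an expression like `a.?b` is validated as an assignment to `a` at binding power 20 rather than as a null-safe member access, and the paired blank `+` lines read as copy residue. Treating `.?` like the `.` member operator (identifier expected on the right, no assignment check, no bitwise warning) seems closer to the intent in the commit subject; the enclosing JSHINT closure starts and ends outside the hunk. The same concern applies to the registration `nullSafeProperty(".?");` in the second hunk, which inherits these semantics.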
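Review bot: In the lexer hunk the guard `if (ch1 === "." && this.peek(1) === "?")` re-tests `ch1 === "."` inside `case ".":`, where it is always true; `if (this.peek(1) === "?") {` expresses the same condition. A short comment such as `// TBEL null-safe member access: tokenize ".?" before the numeric-literal check` would record why the new branch has to precede the `/^[0-9]$/` test below it. Whether the caller advances the scanner by `value.length` for this two-character punctuator is not visible in the hunk and is worth confirming against how the other multi-character punctuators in this switch are handled.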
@@ -2,7 +2,7 @@
 ## Reporting a Vulnerability
-Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Thingsbpard privately,
+Security is of the highest importance and all security vulnerabilities or suspected security vulnerabilities should be reported to Thingsboard privately,
 to minimize attacks against current users of Thingsboard before they are fixed. Vulnerabilities will be investigated and release as soon as possible.
 To report a vulnerability or a security-related issue, please email the private address security@thingsboard.io with the details of the vulnerability.
From 726805b13ae5db4f4d173e4015acc20be7169037 Mon Sep 17 00:00:00 2001
From: Sergey Matvienko
Date: Wed, 17 May 2023 11:29:14 +0200
Subject: [PATCH 5/5] updated cassandra source list according official documentation
---
msa/tb/docker-cassandra/Dockerfile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/msa/tb/docker-cassandra/Dockerfile b/msa/tb/docker-cassandra/Dockerfile
index 896825ffd0..2f23aec399 100644
--- a/msa/tb/docker-cassandra/Dockerfile
+++ b/msa/tb/docker-cassandra/Dockerfile
@@ -47,7 +47,7 @@ RUN apt-get update \
 && apt-get install -y --no-install-recommends wget nmap procps gnupg2 \
 && echo "deb http://apt.postgresql.org/pub/repos/apt/ $(. /etc/os-release && echo -n $VERSION_CODENAME)-pgdg main" | tee --append /etc/apt/sources.list.d/pgdg.list > /dev/null \
 && wget -q https://www.postgresql.org/media/keys/ACCC4CF8.asc -O- | apt-key add - \
- && echo 'deb http://downloads.apache.org/cassandra/debian 40x main' | tee --append /etc/apt/sources.list.d/cassandra.list > /dev/null \
+ && echo "deb https://debian.cassandra.apache.org 40x main" | tee -a /etc/apt/sources.list.d/cassandra.sources.list > /dev/null \
 && wget -q https://downloads.apache.org/cassandra/KEYS -O- | apt-key add - \
 && apt-get update \
 && apt-get install -y --no-install-recommends cassandra cassandra-tools postgresql-${PG_MAJOR} \
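Review bot: The new source line still pairs with the unchanged `wget -q https://downloads.apache.org/cassandra/KEYS -O- | apt-key add -` on the next line, so the Cassandra signing keys stay trusted for every repository configured in the image (including the pgdg one above), and `apt-key` is deprecated on current Debian releases. Since gnupg2 is installed in this same RUN step, the key can be scoped to the repository it signs: `wget -q https://downloads.apache.org/cassandra/KEYS -O- | gpg --dearmor -o /etc/apt/keyrings/cassandra.gpg` followed by `deb [signed-by=/etc/apt/keyrings/cassandra.gpg] https://debian.cassandra.apache.org 40x main` (creating `/etc/apt/keyrings` first if the base image lacks it). Two smaller style points: the name `cassandra.sources.list` suggests the deb822 `.sources` format but apt will parse it as a one-line `.list` file, so keeping `cassandra.list` is less confusing, and `tee -a` differs from the `tee --append` used on the pgdg line two lines up. The RUN instruction begins before the hunk.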