* [MM-66789] Fix arbitrary file read vulnerability in advanced logging
Add path validation to prevent reading files outside the logging root
directory via GetAdvancedLogs (used in support packet generation).
Security controls:
- Validate file paths are within logging root before reading
- Support MM_LOG_PATH environment variable to allow system admins
to configure a custom logging root directory
- Resolve symlinks to prevent bypass attacks
- Detect and block path traversal attempts
Also adds:
- Audit logging for support packet generation
- Config-time validation that logs errors for paths outside logging
root (will become blocking in future version)
- Comprehensive test coverage for path validation
* Update server/channels/app/platform/log_test.go
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
* fix linter errors
* Update server/channels/api4/system.go
Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>
* Simplify unit tests for platform/log_test.go by moving some test logic to config/logger_test.go
* Fix unit tests requiring logging root to be set
* enforce LogSettings.FileLocation path validation; simplify path checking
* fix linter errors
* use dir in logging root for all unit test logging
* MM_LOG_PATH is set once, centrally, for all tests
* fix flaky test
* fix flaky test
---------
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Mattermost Build <build@mattermost.com>
Co-authored-by: Ben Schumacher <ben.schumacher@mattermost.com>
It was a good decision in hindsight to keep the public module as 0.x
because this would have been a breaking change again.
https://mattermost.atlassian.net/browse/MM-53032
```release-note
Changed the Go module path from github.com/mattermost/mattermost-server/server/v8 to github.com/mattermost/mattermost/server/v8.
For the public facing module, it's path is also changed from github.com/mattermost/mattermost-server/server/public to github.com/mattermost/mattermost/server/public
```
https://mattermost.atlassian.net/browse/MM-52079
```release-note
We upgrade the module version to 8.0. The new module path is github.com/mattermost-server/server/v8.
```
Co-authored-by: Doug Lauder <wiggin77@warpmail.net>
