Default Branch

4fc79a2d7e · fix(security): block bot user logins (#9368) · Updated 2026-07-07 22:21:37 +02:00

Branches

1d43e152d1 · [WEB-8095] fix: scope page-version reads to the URL project (GHSA-g49r/ghcr) · Updated 2026-07-09 11:30:06 +02:00

0
1

4e0f0b53b0 · [WEB-8075] fix: scope ProjectMemberPermission SAFE_METHODS to project membership · Updated 2026-07-08 13:45:44 +02:00

0
1

2844c1d695 · [WEB-8074] fix: scope IssueListEndpoint to guest created_by · Updated 2026-07-08 13:01:58 +02:00

0
1

04a4f3ea4e · [WEB-8068] refactor: drop unnecessary distinct() from module listing · Updated 2026-07-08 11:53:33 +02:00

0
2

90b6416ebf · [WEB-8066] harden: scope asset project-membership check to the asset's workspace · Updated 2026-07-08 10:33:20 +02:00

0
2

65239689a6 · [WEB-8060] test(security): cover workspace-admin is_active bypass · Updated 2026-07-07 13:46:36 +02:00

2
2

a33795c6ae · [WEB-8019] fix(security): scope CycleIssue reassignment lookup to workspace/project · Updated 2026-07-03 12:53:37 +02:00

2
2

4376c5a267 · [WEB-8017] fix(security): sanitize order_by on external REST API list endpoints · Updated 2026-07-03 12:31:15 +02:00

2
1

c71cc1aa10 · [WEB-8012] fix: prevent ORM group_by/sub_group_by injection in issue endpoints · Updated 2026-07-03 10:16:25 +02:00

2
1

8d51f70006 · fix: add rate limiting to email/password sign-in and sign-up endpoints · Updated 2026-06-30 08:35:19 +02:00

8
1

e6152e3e08 · fix: added missing keys in core.py · Updated 2026-06-29 15:29:08 +02:00

10
2

7d0b33b7e7 · [WEB-7895] fix: scope UserProjectInvitationsViewset to workspace-validated project IDs (GHSA-45hc-q4mw-jhxm) · Updated 2026-06-29 14:04:55 +02:00

9
1

27d66d7209 · fix: CodeRabbit comments · Updated 2026-06-29 07:39:52 +02:00

8
84

4616f5933c · Merge branch 'preview' into git-260/cover-image-fix · Updated 2026-06-29 07:29:43 +02:00

8
2

f5fdc87d61 · fix: PR checks · Updated 2026-06-29 07:25:08 +02:00

8
74

8c5b7fbd06 · chore(api): upgrade Django 4.2 → 5.2 and bump Django ecosystem deps · Updated 2026-06-26 17:57:54 +02:00

9
1

d333d2c6d1 · [WEB-7888] fix: align clickHandler blocked-scheme list with isValidHttpUrl policy · Updated 2026-06-25 09:44:08 +02:00

9
2

a836ec475b · [WEB-7887] fix: normalize MIME type before SCRIPT_CAPABLE_MIME_TYPES check · Updated 2026-06-25 09:07:59 +02:00

9
2

c03149c275 · fix(security): address CR review on project invite token validation · Updated 2026-06-24 14:35:14 +02:00

9
2

3daec9476b · fix(security): add read:user scope to Gitea; fail-closed on absent Google verified_email · Updated 2026-06-24 09:17:16 +02:00

16
2