Default Branch

dc9d80b2d2 · [WEB-8060] fix(security): enforce authz on is_active member (de)activation (#9367) · Updated 2026-07-09 15:07:39 +02:00

Branches

9783bbeeb0 · [WEB-8103] fix: stop leaking webhook HMAC secret_key on reads (GHSA-83rj) · Updated 2026-07-09 12:42:45 +02:00

7
1

8882731a15 · [WEB-8095] fix: distinct() on page-version detail lookup as a MultipleObjectsReturned guard · Updated 2026-07-09 12:12:32 +02:00

0
1

4e0f0b53b0 · [WEB-8075] fix: scope ProjectMemberPermission SAFE_METHODS to project membership · Updated 2026-07-08 13:45:44 +02:00

0
1

2844c1d695 · [WEB-8074] fix: scope IssueListEndpoint to guest created_by · Updated 2026-07-08 13:01:58 +02:00

0
1

04a4f3ea4e · [WEB-8068] refactor: drop unnecessary distinct() from module listing · Updated 2026-07-08 11:53:33 +02:00

0
2

90b6416ebf · [WEB-8066] harden: scope asset project-membership check to the asset's workspace · Updated 2026-07-08 10:33:20 +02:00

0
2

c71cc1aa10 · [WEB-8012] fix: prevent ORM group_by/sub_group_by injection in issue endpoints · Updated 2026-07-03 10:16:25 +02:00

2
1

8d51f70006 · fix: add rate limiting to email/password sign-in and sign-up endpoints · Updated 2026-06-30 08:35:19 +02:00

8
1

e6152e3e08 · fix: added missing keys in core.py · Updated 2026-06-29 15:29:08 +02:00

10
2

27d66d7209 · fix: CodeRabbit comments · Updated 2026-06-29 07:39:52 +02:00

8
84

4616f5933c · Merge branch 'preview' into git-260/cover-image-fix · Updated 2026-06-29 07:29:43 +02:00

8
2

f5fdc87d61 · fix: PR checks · Updated 2026-06-29 07:25:08 +02:00

8
74

8c5b7fbd06 · chore(api): upgrade Django 4.2 → 5.2 and bump Django ecosystem deps · Updated 2026-06-26 17:57:54 +02:00

9
1

a836ec475b · [WEB-7887] fix: normalize MIME type before SCRIPT_CAPABLE_MIME_TYPES check · Updated 2026-06-25 09:07:59 +02:00

9
2

6c9dbb5043 · [WEB-7787] fix(security): block deactivated user login and fix WorkspaceOwnerPermission (#9290) · Updated 2026-06-23 14:40:40 +02:00

17
0
Included

f8a918e995 · fix(api): clamp Space asset size to a valid lower bound · Updated 2026-06-16 13:33:03 +02:00

33
2

38db42e389 · fix(api): address PR review + resolve merge conflict in asset duplicate endpoint · Updated 2026-06-15 07:37:37 +02:00

35
4

3d488a62ac · refactor: delete hook (use-issue-embed) from web/app/ce · Updated 2026-06-05 16:24:00 +02:00

39
26

b8d9efe5b6 · DOCS for work continuation · Updated 2026-06-05 10:27:08 +02:00

43
37

628b910cf0 · [GIT-221] fix(cycle): guard against no end_date when archiving cycle · Updated 2026-06-03 12:49:57 +02:00

43
1