Mirrors/plane
1
0
Fork 0
mirror of https://github.com/makeplane/plane.git synced 2026-02-24 04:00:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,896 Commits 547 Branches 53 Tags
v1.2.2
Commit Graph

6896 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
sriram veeraghanta
f53446340b fix: Member Information Disclosure via Public Endpoint #8646 v1.2.2 2026-02-20 18:33:45 +05:30
sriram veeraghanta
9070acbbe8 fix: IDOR Vulnerabilities in Asset & Attachment Endpoints (#8644) 
* fix: idor issues in project assets and issue attachements

* fix: comments
 2026-02-20 18:02:12 +05:30
Sangeetha
b5fe8a2825 [WEB-6194]migration: added archived_at in IssueView #8641 
* migration: added archived_at in IssueView

* fix: lint
 2026-02-17 19:06:13 +05:30
Sangeetha
c4b3d52466 [WEB-5878] chore: add validation for project name/identifier for special characters (#8529) 
* chore: update ProjectSerializer to raise validation for special characters in name and identifier

* chore: update external endpoints

* fix: external api serializer validation

* update serializer to send error code

* fix: move the regex expression to Project model
 2026-02-17 00:49:02 +05:30
b-saikrishnakanth
f0dcf66167 [WEB-5917] fix: generate clean plain text from HTML email template #8535 2026-02-17 00:44:52 +05:30
Prateek Shourya
e9b011896d [VPAT-27] chore(security): disable autocomplete on sensitive input fields #8517 
Disable autocomplete on authentication and security-related forms to prevent
browsers from storing sensitive credentials. This affects sign-in, password
reset, account security, and onboarding forms across admin, web, and space apps.

Modified components:
- Auth forms (email, password, unique code, forgot/reset/set password)
- Account security pages
- Instance setup and profile onboarding
- Shared UI components (auth-input, password-input)
 2026-02-17 00:43:35 +05:30
Anmol Singh Bhatia
d3c6e5ec94 [WEB-5827] fix: persist external cover image URLs (Unsplash) in project updates #8482 2026-02-17 00:21:43 +05:30
Prateek Shourya
e10deb10f2 [VPAT-16] improvement: add file validation to prevent malicious uploads #8493 
Add client-side checks for double extensions, dangerous file types,
dot files, and path traversal patterns. Addresses security audit
recommendations for file upload validation.
 2026-02-17 00:21:21 +05:30
Prateek Shourya
49fc6aa0a0 [VPAT-55] chore(security): implement input validation across authentication and workspace forms (#8528) 
* chore(security): implement input validation across authentication and workspace forms

  - Add OWASP-compliant autocomplete attributes to all auth input fields
  - Create centralized validation utilities blocking injection-risk characters
  - Apply validation to names, display names, workspace names, and slugs
  - Block special characters: < > ' " % # { } [ ] * ^ !
  - Secure sensitive input fields across admin, web, and space apps

* chore: add missing workspace name validation to settings and admin forms

* feat: enhance validation regex for international names and usernames

- Updated regex patterns to support Unicode characters for person names, display names, company names, and slugs.
- Improved validation functions to block injection-risk characters in names and slugs.
 2026-02-17 00:18:46 +05:30
Anmol Singh Bhatia
55e89cb8fc [WEB-5863] fix: estimate point input validation #8492 
Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
 2026-02-17 00:12:33 +05:30
Vamsi Krishna
4d1e6c499f [WEB-5829] fix: Intake open work count (#8547) 
* fix: open intake count at sidebar header

* chore: reverted inbox store arguments to core store

* fix: intake count update
 2026-02-17 00:05:20 +05:30
Sangeetha
3a99ecf8f3 [WEB-5871] chore: added intake count for projects (#8497) 
* chore: add intake_count in project list endpoint

* chore: sidebar project navigation intake count added

* fix: filter out closed intake issues in the count

* chore: code refactor

* chore: code refactor

* fix: filter out deleted intake issues

---------

Co-authored-by: Anmol Singh Bhatia <anmolsinghbhatia@plane.so>
 2026-02-17 00:04:03 +05:30
Dheeraj Kumar Ketireddy
ef5d481a19 [VPAT-51] fix: update workspace invitation flow to use token for validation #8508 
- Modified the invite link to include a token for enhanced security.
- Updated the WorkspaceJoinEndpoint to validate the token instead of the email.
- Adjusted the workspace invitation task to generate links with the token.
- Refactored the frontend to handle token in the invitation process.

Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
 2026-02-17 00:02:18 +05:30
Dheeraj Kumar Ketireddy
c8a800104c [SILO-820] fix: update serializer for module detail API endpoint to use ModuleUpdateSerializer (#8496) 2026-02-17 00:01:33 +05:30
Anmol Singh Bhatia
e92b835869 [WEB-5873] fix: user avatar ui consistency (#8495) 
* fix: user avatar ui consistency

* chore: code refactor
 2026-02-13 19:04:57 +05:30
Cornelius
7e5b5066c5 Update translations.ts: issue-artifacts discoverd (#7979) 2026-02-13 19:04:02 +05:30
Jayash Tripathy
53b3358a63 [GIT-44] refactor(auth): add PASSWORD_TOO_WEAK error code (#8522) 
* refactor(auth): add PASSWORD_TOO_WEAK error code and update related error handling in password change flow

* fix(auth): update import to use type for EAuthenticationErrorCodes in security page

* Update apps/web/app/(all)/profile/security/page.tsx

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update apps/web/app/(all)/[workspaceSlug]/(settings)/settings/account/security/page.tsx

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* refactor: updated auth error exception accross zxcvbn usages

* fix: improve error handling for password strength validation and update error messages

* i18n(ru): update Russian translations for stickies and automation description

Added translation for 'stickies' and improved formatting of the automation description in Russian locale.

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-13 18:51:33 +05:30
Anmol Singh Bhatia
bf521b7b03 [WEB-1201] chore: dropdown options hierarchy improvements (#8501) 
* chore: sortBySelectedFirst and sortByCurrentUserThenSelected utils added

* chore: members dropdown updated

* chore: module dropdown updated

* chore: project and label dropdown updated

* chore: code refactor
 2026-02-13 18:50:18 +05:30
Anmol Singh Bhatia
7607cc9b10 [WEB-5884] chore: layout loader enhancements #8500 2026-02-13 18:49:53 +05:30
Aaryan Khandelwal
d497304de5 refactor: table drag preview using decorations (#8597) 
* refactor: table drag preview using decorations

* fix: history meta for table drag state
 2026-02-13 17:59:37 +05:30
Anmol Singh Bhatia
8fa08b2506 [GIT-57 | WEB-5912] fix: app sidebar ux and responsiveness (#8560) 
* fix: project extended sidebar accordion ux

* fix: app sidebar mobile responsiveness ux

* chore: code refactor
 2026-02-13 17:43:07 +05:30
sriram veeraghanta
efc600ad8c chore(deps): update axios dependency 2026-02-13 16:35:16 +05:30
stelmsk
a3a1d141cb i18n(ru): expand Russian translation coverage (#8603) 
Added missing translations for:
- Profile preferences (language, timezone settings)
- Account settings sections (preferences, notifications, security, api-tokens, activity)
- Workspace settings (billing, exports, webhooks headings/descriptions)
- Project settings (states, labels, estimates, automations headings/descriptions)
- Power-K command palette (contextual actions, navigation, creation, preferences, help)
- Sidebar elements (stickies, your_work, pin/unpin)
- Common actions (copy_markdown, overview)
- Navigation customization options
 2026-02-13 16:30:33 +05:30
sriram veeraghanta
dfce8c6278 chore: admin folder structure (#8632) 
* chore: admin folder structure

* fix: copy right check and formatting

* fix: types
 2026-02-13 16:29:45 +05:30
Vamsi Krishna
fab84eb058 [WEB-5899]fix: project sort order (#8530) 
* fix: project sort order

* chore: updated queryset for sort_order
 2026-02-13 15:52:22 +05:30
Vipin Chaudhary
60734b25ba [WIKI-877] fix: order of this dropdown options in pages #8563 2026-02-13 15:49:10 +05:30
Sangeetha
cd613e5f8f [SECUR-105] fix: csv injection vulnerability sanitization #8611 2026-02-13 15:37:13 +05:30
Anmol Singh Bhatia
a8d81656fc [WEB-6137] fix: work item peek view outside click #8610 2026-02-12 16:28:51 +05:30
Anmol Singh Bhatia
dbe059b7b5 fix: workitem description input inital load (#8617) 2026-02-12 14:03:01 +05:30
Anmol Singh Bhatia
c93f9fc865 [WEB-6038] fix: work item empty title flicker #8618 2026-02-12 13:35:08 +05:30
Akshat Jain
bcc8fb4d1d style: update ASCII art in install script header (#8628) 2026-02-12 13:34:31 +05:30
dependabot[bot]
b59e541b35 chore(deps): bump cryptography (#8625) 
Bumps the pip group with 1 update in the /apps/api/requirements directory: [cryptography](https://github.com/pyca/cryptography).


Updates `cryptography` from 44.0.1 to 46.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pyca/cryptography/compare/44.0.1...46.0.5)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.5
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-02-11 13:06:42 +05:30
sriram veeraghanta
2b6e24d526 chore: merge helpers and layouts (#8624) 
* fix: remove constants and services

* fix: formatting

* chore: merge helpers and layouts

* fix: workspace disbale flag handling
 2026-02-10 22:04:07 +05:30
sriram veeraghanta
7793febcf8 chore: merge constants and services (#8623) 
* fix: remove constants and services

* fix: formatting

* fix: types check
 2026-02-10 21:10:54 +05:30
sriram veeraghanta
06e4a1624c fix: remove ee folder from web (#8622) 2026-02-10 20:01:42 +05:30
Sangeetha
57ce2a5429 [WEB-6149] migration: change estimate point key max value to 50 #8620 2026-02-10 17:07:14 +05:30
sriramveeraghanta
0887cbbda8 chore(deps): update lodash package 2026-02-09 19:26:39 +05:30
M. Palanikannan
e1227f0b58 fix: type fix for description payload (#8619) 
* fix: type fix

* fix: duplicate type fix
 2026-02-09 15:18:09 +05:30
sriramveeraghanta
ea7b30bc9c chore(deps): update the node pacakges 2026-02-09 14:59:33 +05:30
Vipin Chaudhary
dfbd043e50 [WEB-6058] chore : add logic to handle save#8614 2026-02-09 14:53:35 +05:30
sriramveeraghanta
13a679437d chore(deps): upgrade django version 2026-02-09 14:51:53 +05:30
Sangeetha
78729277e8 [SECUR-104] fix: Arbitrary Modification of API Token Rate Limits#8612 2026-02-09 14:50:29 +05:30
Sangeetha
d191615a5e [SECUR-113] fix: ssrf for work item links (#8607) 2026-02-05 15:03:43 +05:30
sriramveeraghanta
587cb3ecfe fix: file fomatting 2026-02-02 18:08:44 +05:30
Bavisetti Narayan
b8d3b3c5eb fix: module percentage calculation (#8595) 2026-01-29 14:48:43 +05:30
sriram veeraghanta
02d0ee3e0f chore: add copyright (#8584) 
* feat: adding new copyright info on all files

* chore: adding CI
 2026-01-27 13:54:22 +05:30
Ship it
66decf6617 fully translated into Ukrainian language (#8579) 2026-01-27 01:29:56 +05:30
Prateek Shourya
32a2584578 [GIT-66] improvement: prevent disabling last enabled authentication method (#8570) 2026-01-27 00:47:37 +05:30
Sangeetha
f7d5200ed8 migration: back migrate all product tour fields to set true (#8575) 2026-01-27 00:47:02 +05:30
M. Palanikannan
b31c0195bc fix: pdf export (#8564) 
* feat: pdf export

* fix: tests

* fix: tests

---------

Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
 2026-01-26 22:08:10 +05:30