bb-plane-fork/apps/api/plane
sriram veeraghanta a01b51fca5
fix: scope IssueBulkUpdateDateEndpoint query to workspace and project (#8834)
The bulk update date endpoint fetched issues by ID without filtering
by workspace or project, allowing any authenticated project member to
modify start_date and target_date of issues in any workspace/project
across the entire instance (IDOR - CWE-639).

Scoped the query to include workspace__slug and project_id filters,
consistent with other issue endpoints in the codebase.

Ref: GHSA-4q54-h4x9-m329
2026-03-31 17:43:35 +05:30
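The IDOR the commit describes comes down to one missing filter: the bulk date endpoint looked issues up by primary key alone, so the workspace and project in the URL (the objects the caller's membership was actually checked against) never reached the query. The following is an added example, not Plane's code, that models the before and after of that fix with an in-memory issue table so it runs without Django. The `Issue` fields, the shape of the per-issue update payload, the sample data and all helper names are assumptions for illustration. It also goes one step beyond the commit: a scoped query silently drops any requested id that falls outside the project, so the hardened version rejects the whole request when the number of matched issues differs from the number requested.

```python
"""Added example (not Plane's own code): unscoped vs scoped bulk date update.

Assumptions for illustration only: the Issue fields below, the payload shape
{issue_id: {"start_date": ..., "target_date": ...}} and the helper names.
The sample rows are constructed and do not come from the project.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Issue:  # minimal stand-in for the ORM model, not the real one
    id: int
    workspace_slug: str
    project_id: int
    start_date: Optional[str] = None   # ISO dates as strings to keep it simple
    target_date: Optional[str] = None


def fresh_issues() -> List[Issue]:
    """Constructed sample table: two workspaces, one issue each."""
    return [Issue(1, "acme", 10), Issue(2, "globex", 20)]


def _apply(issue: Issue, fields: Dict[str, str]) -> None:
    """Copy only the two date fields the endpoint is allowed to change."""
    if "start_date" in fields:
        issue.start_date = fields["start_date"]
    if "target_date" in fields:
        issue.target_date = fields["target_date"]


def bulk_update_dates_unscoped(issues: List[Issue],
                               updates: Dict[int, Dict[str, str]]) -> List[int]:
    """Before the fix: the only predicate is the issue id, so the caller's
    workspace and project never constrain the lookup (CWE-639)."""
    touched = []
    for issue in issues:
        if issue.id in updates:
            _apply(issue, updates[issue.id])
            touched.append(issue.id)
    return touched


def bulk_update_dates_scoped(issues: List[Issue], slug: str, project_id: int,
                             updates: Dict[int, Dict[str, str]]) -> List[int]:
    """After the fix: the lookup is additionally filtered by the workspace slug
    and project id from the URL, which is what the membership check covered.
    This mirrors filter(workspace__slug=slug, project_id=project_id, pk__in=ids).

    Extra caveat (beyond the commit): refuse the whole request if any requested
    id is outside the scope, instead of silently skipping it."""
    in_scope = [i for i in issues
                if i.workspace_slug == slug
                and i.project_id == project_id
                and i.id in updates]
    if len(in_scope) != len(updates):
        raise PermissionError("one or more issues are not in this project")
    for issue in in_scope:
        _apply(issue, updates[issue.id])
    return [i.id for i in in_scope]


def demo():
    """A member of acme/10 asks to move the dates of issue 2, which lives in
    globex/20. Returns (ids touched before the fix, rejected after the fix,
    target_date of issue 2 after the scoped attempt)."""
    updates = {2: {"start_date": "2026-04-01", "target_date": "2026-04-30"}}
    before = fresh_issues()
    touched_before = bulk_update_dates_unscoped(before, updates)
    after = fresh_issues()
    try:
        bulk_update_dates_scoped(after, "acme", 10, updates)
        rejected = False
    except PermissionError:
        rejected = True
    return touched_before, rejected, after[1].target_date


if __name__ == "__main__":
    print(demo())  # unscoped touches [2]; scoped rejects and leaves it None
```

The count comparison is the part worth copying into other bulk endpoints: once the query is scoped, an attacker probing ids from another project gets an explicit refusal rather than a 200 with a partial result, which is both the safer default and the easier thing to alert on.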
analytics chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
api [SILO-1026] feat: add estimates external API endpoints (#8664) 2026-03-30 15:30:02 +05:30
app fix: scope IssueBulkUpdateDateEndpoint query to workspace and project (#8834) 2026-03-31 17:43:35 +05:30
authentication [WEB-5225] feat: enhance authentication logging with detailed error and info message (#7998) 2026-03-03 19:35:34 +05:30
bgtasks [WEB-6420] chore: self-host social icons in project invitation email (#8718) 2026-03-05 18:17:42 +05:30
db [SILO-1026] feat: add estimates external API endpoints (#8664) 2026-03-30 15:30:02 +05:30
license [GIT-44] refactor(auth): add PASSWORD_TOO_WEAK error code (#8522) 2026-02-13 18:51:33 +05:30
middleware chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
seeds/data [WEB-5602] feat: new design system (#8220) 2025-12-12 20:50:14 +05:30
settings [WEB-5225] feat: enhance authentication logging with detailed error and info message (#7998) 2026-03-03 19:35:34 +05:30
space fix: Member Information Disclosure via Public Endpoint (#8646) 2026-02-20 18:34:56 +05:30
static [WEB-6420] chore: self-host social icons in project invitation email (#8718) 2026-03-05 18:17:42 +05:30
tests [SECUR-104] fix: Arbitrary Modification of API Token Rate Limits (#8612) 2026-02-20 18:27:13 +05:30
throttles chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
utils [SILO-1026] feat: add estimates external API endpoints (#8664) 2026-03-30 15:30:02 +05:30
web chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
__init__.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
asgi.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
celery.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
urls.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
wsgi.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30