binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bb-plane-fork/apps/api
History
sriram veeraghanta 587fe76032
fix: prevent privilege escalation in project member role updates (GHSA-494h-3rcq-5g3c) (#8833) 
Restrict role modification in ProjectMemberViewSet.partial_update to
Admins only and enforce that requesters cannot modify or assign roles
equal to or higher than their own. Previously, Guests could demote
Admins by exploiting a missing lower-bound check on role changes.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-06 15:54:01 +05:30
..
bin [WEB-5592] chore: add static files update settings for static files support (#8251) 2025-12-09 21:05:26 +05:30
plane fix: prevent privilege escalation in project member role updates (GHSA-494h-3rcq-5g3c) (#8833) 2026-04-06 15:54:01 +05:30
requirements chore(deps): bump cryptography (#8819) 2026-03-30 12:28:39 +05:30
templates [WEB-6420] chore: self-host social icons in project invitation email (#8718) 2026-03-05 18:17:42 +05:30
.coveragerc chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
.env.example - Add SIGNED_URL_EXPIRATION environment variable (#8136) 2025-12-03 10:52:19 +05:30
.prettierignore fix: eslint (#8185) 2025-12-05 16:03:51 +05:30
Dockerfile.api chore: updated node version to 22 and python version to 3.12.10 (#7343) 2025-07-04 16:28:30 +05:30
Dockerfile.dev chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
manage.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
package.json chore: version bump 2026-03-31 17:09:35 +05:30
pyproject.toml [WEB-5044] fix: ruff lint and format errors (#7868) 2025-09-29 19:15:32 +05:30
pytest.ini chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
requirements.txt chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30
run_tests.py chore: add copyright (#8584) 2026-01-27 13:54:22 +05:30
run_tests.sh chore: rename server to api (#7342) 2025-07-04 15:32:21 +05:30