63fac3b8c4
* fix: validate redirects in favicon fetching to prevent SSRF The previous SSRF fix (GHSA-jcc6-f9v6-f7jw) only validated redirects for the main page URL but not for the favicon fetch path. An attacker could craft an HTML page with a favicon link that redirects to a private IP, bypassing the IP validation and leaking internal network data as base64. Extract a reusable `safe_get()` function that validates every redirect hop against private/internal IPs and use it for both page and favicon fetches. Resolves: GHSA-9fr2-pprw-pp9j Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> * fix: address PR review feedback for SSRF favicon fix - Fix off-by-one in redirect limit: only raise RuntimeError when the response is still a redirect after MAX_REDIRECTS hops, not when the final response is a successful 200 - Return final URL from safe_get() so favicon href resolution uses the correct origin after redirects instead of the original URL - Add unit tests for validate_url_ip and safe_get covering private IP blocking, redirect-following, and redirect limit enforcement Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .github | ||
| .husky | ||
| .idx | ||
| apps | ||
| deployments | ||
| docs | ||
| packages | ||
| .dockerignore | ||
| .env.example | ||
| .gitattributes | ||
| .gitignore | ||
| .mise.toml | ||
| .npmrc | ||
| .oxfmtrc.json | ||
| .oxlintrc.json | ||
| .prettierignore | ||
| AGENTS.md | ||
| CODE_OF_CONDUCT.md | ||
| CODEOWNERS | ||
| CONTRIBUTING.md | ||
| COPYRIGHT.txt | ||
| COPYRIGHT_CHECK.md | ||
| docker-compose-local.yml | ||
| docker-compose.yml | ||
| LICENSE.txt | ||
| package.json | ||
| pnpm-lock.yaml | ||
| pnpm-workspace.yaml | ||
| README.md | ||
| SECURITY.md | ||
| setup.sh | ||
| turbo.json | ||
Modern project management for all teams
Website • Forum • Twitter • Documentation
Meet Plane, an open-source project management tool to track issues, run sprints cycles, and manage product roadmaps without the chaos of managing the tool itself. 🧘♀️
Plane is evolving every day. Your suggestions, ideas, and reported bugs help us immensely. Do not hesitate to join in the conversation on Forum or raise a GitHub issue. We read everything and respond to most.
🚀 Installation
Getting started with Plane is simple. Choose the setup that works best for you:
-
Plane Cloud Sign up for a free account on Plane Cloud—it's the fastest way to get up and running without worrying about infrastructure.
-
Self-host Plane Prefer full control over your data and infrastructure? Install and run Plane on your own servers. Follow our detailed deployment guides to get started.
| Installation methods | Docs link |
|---|---|
| Docker |  |
| Kubernetes |  |
Instance admins can configure instance settings with God mode.
🌟 Features
-
Work Items Efficiently create and manage tasks with a robust rich text editor that supports file uploads. Enhance organization and tracking by adding sub-properties and referencing related issues.
-
Cycles Maintain your team’s momentum with Cycles. Track progress effortlessly using burn-down charts and other insightful tools.
-
Modules Simplify complex projects by dividing them into smaller, manageable modules.
-
Views Customize your workflow by creating filters to display only the most relevant issues. Save and share these views with ease.
-
Pages Capture and organize ideas using Plane Pages, complete with AI capabilities and a rich text editor. Format text, insert images, add hyperlinks, or convert your notes into actionable items.
-
Analytics Access real-time insights across all your Plane data. Visualize trends, remove blockers, and keep your projects moving forward.
🛠️ Local development
See CONTRIBUTING
⚙️ Built with
📸 Screenshots
📝 Documentation
Explore Plane's product documentation and developer documentation to learn about features, setup, and usage.
❤️ Community
Join the Plane community on GitHub Discussions and our Forum. We follow a Code of conduct in all our community channels.
Feel free to ask questions, report bugs, participate in discussions, share ideas, request features, or showcase your projects. We’d love to hear from you!
🛡️ Security
If you discover a security vulnerability in Plane, please report it responsibly instead of opening a public issue. We take all legitimate reports seriously and will investigate them promptly. See Security policy for more info.
To disclose any security issues, please email us at security@plane.so.
🤝 Contributing
There are many ways you can contribute to Plane:
- Report bugs or submit feature requests.
- Review the documentation and submit pull requests to improve it—whether it's fixing typos or adding new content.
- Talk or write about Plane or any other ecosystem integration and let us know!
- Show your support by upvoting popular feature requests.
Please read CONTRIBUTING.md for details on the process for submitting pull requests to us.
Repo activity
We couldn't have done this without you.
License
This project is licensed under the GNU Affero General Public License v3.0.