binarybeach/bb-plane-fork
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
bb-plane-fork/apps
History
sriram veeraghanta a01b51fca5
fix: scope IssueBulkUpdateDateEndpoint query to workspace and project (#8834) 
The bulk update date endpoint fetched issues by ID without filtering
by workspace or project, allowing any authenticated project member to
modify start_date and target_date of issues in any workspace/project
across the entire instance (IDOR - CWE-639).

Scoped the query to include workspace__slug and project_id filters,
consistent with other issue endpoints in the codebase.

Ref: GHSA-4q54-h4x9-m329
2026-03-31 17:43:35 +05:30
..
admin chore: version bump 2026-03-31 17:09:35 +05:30
api fix: scope IssueBulkUpdateDateEndpoint query to workspace and project (#8834) 2026-03-31 17:43:35 +05:30
live chore: version bump 2026-03-31 17:09:35 +05:30
proxy Merge branch 'canary' of github.com:makeplane/plane into preview 2025-12-12 13:42:48 +05:30
space chore: version bump 2026-03-31 17:09:35 +05:30
web chore: version bump 2026-03-31 17:09:35 +05:30