sriram veeraghanta 587fe76032 fix: prevent privilege escalation in project member role updates (GHSA-494h-3rcq-5g3c) (#8833) ...

Restrict role modification in ProjectMemberViewSet.partial_update to
Admins only and enforce that requesters cannot modify or assign roles
equal to or higher than their own. Previously, Guests could demote
Admins by exploiting a missing lower-bound check on role changes.

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-06 15:54:01 +05:30

..

bin

[WEB-5592] chore: add static files update settings for static files support (#8251)

2025-12-09 21:05:26 +05:30

plane

fix: prevent privilege escalation in project member role updates (GHSA-494h-3rcq-5g3c) (#8833)

2026-04-06 15:54:01 +05:30

requirements

chore(deps): bump cryptography (#8819)

2026-03-30 12:28:39 +05:30

templates

[WEB-6420] chore: self-host social icons in project invitation email (#8718)

2026-03-05 18:17:42 +05:30

.coveragerc

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30

.env.example

- Add SIGNED_URL_EXPIRATION environment variable (#8136)

2025-12-03 10:52:19 +05:30

.prettierignore

fix: eslint (#8185)

2025-12-05 16:03:51 +05:30

Dockerfile.api

chore: updated node version to 22 and python version to 3.12.10 (#7343)

2025-07-04 16:28:30 +05:30

Dockerfile.dev

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30

manage.py

chore: add copyright (#8584)

2026-01-27 13:54:22 +05:30

package.json

chore: version bump

2026-03-31 17:09:35 +05:30

pyproject.toml

[WEB-5044] fix: ruff lint and format errors (#7868)

2025-09-29 19:15:32 +05:30

pytest.ini

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30

requirements.txt

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30

run_tests.py

chore: add copyright (#8584)

2026-01-27 13:54:22 +05:30

run_tests.sh

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30