sriram veeraghanta a01b51fca5 fix: scope IssueBulkUpdateDateEndpoint query to workspace and project (#8834) ...

The bulk update date endpoint fetched issues by ID without filtering
by workspace or project, allowing any authenticated project member to
modify start_date and target_date of issues in any workspace/project
across the entire instance (IDOR - CWE-639).

Scoped the query to include workspace__slug and project_id filters,
consistent with other issue endpoints in the codebase.

Ref: GHSA-4q54-h4x9-m329

2026-03-31 17:43:35 +05:30

..

bin

[WEB-5592] chore: add static files update settings for static files support (#8251)

2025-12-09 21:05:26 +05:30

plane

fix: scope IssueBulkUpdateDateEndpoint query to workspace and project (#8834)

2026-03-31 17:43:35 +05:30

requirements

chore(deps): bump cryptography (#8819)

2026-03-30 12:28:39 +05:30

templates

[WEB-6420] chore: self-host social icons in project invitation email (#8718)

2026-03-05 18:17:42 +05:30

.coveragerc

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30

.env.example

- Add SIGNED_URL_EXPIRATION environment variable (#8136)

2025-12-03 10:52:19 +05:30

.prettierignore

fix: eslint (#8185)

2025-12-05 16:03:51 +05:30

Dockerfile.api

chore: updated node version to 22 and python version to 3.12.10 (#7343)

2025-07-04 16:28:30 +05:30

Dockerfile.dev

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30

manage.py

chore: add copyright (#8584)

2026-01-27 13:54:22 +05:30

package.json

chore: version bump

2026-03-31 17:09:35 +05:30

pyproject.toml

[WEB-5044] fix: ruff lint and format errors (#7868)

2025-09-29 19:15:32 +05:30

pytest.ini

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30

requirements.txt

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30

run_tests.py

chore: add copyright (#8584)

2026-01-27 13:54:22 +05:30

run_tests.sh

chore: rename server to api (#7342)

2025-07-04 15:32:21 +05:30