vikunja/pkg
kolaente 2da89258e5 test: add failing test for task comment IDOR
Proves that a user can read a comment from an inaccessible task by
supplying an accessible task ID in the URL. Comment 18 belongs to
task 34 (owned by user 13), but testuser1 can read it via task 1.

Ref: GHSA-mr3j-p26x-72x4
2026-03-20 11:41:28 +00:00
caldav fix(caldav): parse timestamps in configured timezone 2026-03-03 12:18:48 +01:00
cmd fix(cli): make user deletion confirmation check Windows compatible (#2339) 2026-03-05 15:19:08 +01:00
config style: fix alignment in config key declarations 2026-03-20 11:08:00 +00:00
cron fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
db test: add tests for disabled user password reset prevention 2026-03-20 11:23:21 +00:00
doctor refactor: remove typesense support 2026-02-25 12:15:28 +01:00
e2etests test(webhooks): allow non-routable IPs in E2E tests 2026-03-19 15:18:06 +01:00
events feat: add InitEventsForTesting and Unfake for real event dispatch in tests 2026-03-05 12:49:27 +01:00
files refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
health feat: introduce shared health check logic (#1073) 2025-07-02 21:01:41 +00:00
i18n chore(i18n): update translations via Crowdin 2026-03-10 01:08:39 +00:00
initialize refactor: remove typesense support 2026-02-25 12:15:28 +01:00
log fix(log): write each log category to its own file (#2206) 2026-02-08 15:22:58 +00:00
mail fix(mail): disable queue when mailer disabled (#2069) 2026-01-08 15:51:31 +01:00
metrics fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
migration feat: add user_id to webhooks and user-directed event infrastructure 2026-03-08 19:45:53 +01:00
models fix: adapt image preview DoS protection to new FileStorage interface 2026-03-20 11:34:41 +00:00
modules refactor: replace afero with FileStorage interface 2026-03-20 10:59:44 +01:00
notifications test: add tests for conversational email system 2026-03-08 16:03:47 +01:00
plugins fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
red fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
routes fix: block login for StatusAccountLocked users 2026-03-20 11:23:21 +00:00
swagger [skip ci] Updated swagger docs 2026-03-19 09:26:05 +00:00
user fix: update test expectations for new disabled user fixture 2026-03-20 11:23:21 +00:00
utils refactor(utils): extract ContainsPathTraversal to shared utils package 2026-02-25 13:01:00 +01:00
version fix: correct license header references (#882) 2025-06-10 12:18:38 +02:00
web feat(handlers): dispatch pending events after transaction commit 2026-03-03 12:46:34 +01:00
webtests test: add failing test for task comment IDOR 2026-03-20 11:41:28 +00:00