vikunja/pkg/routes
kolaente 879462d717 fix(caldav): enforce URL project match in GetResourcesByList
Multiget REPORT requests would happily return tasks from projects
different from the one in the href, even though GetTasksByUIDs now
filters by access. Drop any returned task whose real project_id does
not match the project ID parsed from the href path segment.

Hardening for GHSA-48ch-p4gq-x46x.
2026-04-09 16:07:32 +00:00
..
api/v1 feat(migration): add generic CSV import with column mapping 2026-04-07 15:20:06 +00:00
caldav fix(caldav): enforce URL project match in GetResourcesByList 2026-04-09 16:07:32 +00:00
api_tokens.go refactor(auth): extract shared token validation into auth package 2026-04-02 16:30:23 +00:00
error_handler.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
healthcheck.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
metrics.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
rate_limit.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
routes.go feat(migration): add generic CSV import with column mapping 2026-04-07 15:20:06 +00:00
sentry_middleware.go fix(deps): update module github.com/labstack/echo/v4 to v5 (#2131) 2026-01-24 20:38:32 +01:00
static.go fix(routes): restore SPA routing after Echo v5 upgrade 2026-01-25 11:07:48 +01:00
validation.go fix(attachments): extend upload file size to form data (#1577) 2025-09-30 22:23:07 +00:00