chatwoot

mirror of https://github.com/chatwoot/chatwoot.git synced 2026-06-16 21:06:22 +08:00

History

Pranav 2adc040a8f fix: Validate blob before attaching it to a record (#13115 ) Previously, attachments relied only on blob_id, which made it possible to attach blobs across accounts by enumerating IDs. We now require both blob_id and blob_key, add cross-account validation to prevent blob reuse, and centralize the logic in a shared BlobOwnershipValidation concern. It also fixes a frontend bug where mixed-type action params (number + string) were incorrectly dropped, causing attachment uploads to fail.		2025-12-19 19:02:21 -08:00
..
accounts	fix: Validate blob before attaching it to a record (#13115 )	2025-12-19 19:02:21 -08:00
integrations	feat: Slack link unfurling (#7940 )	2023-09-29 19:35:56 +05:30
profile	feat: MFA (#12290 )	2025-09-18 20:19:24 +05:30
widget	feat: allow configuring attachment upload limit (#12835 )	2025-11-17 14:03:08 -08:00
accounts_controller.rb	feat: Conversation workflow backend changes (#13070 )	2025-12-16 14:43:15 +05:30
notification_subscriptions_controller.rb	fix: Remove the notification subscription if present (#5510 )	2022-09-27 12:36:57 -07:00
profiles_controller.rb	feat: Ability to reset api_access_token (#11565 )	2025-05-29 14:42:13 +05:30
webhooks_controller.rb	chore: Upgrade Exception tracking (#4638 )	2022-05-09 14:23:19 +05:30