typebot.io/apps
Baptiste Arnaud 7ae4c007d0
🐛 Fix credential access control and remove vulnerable S3 upload endpoint (#2459)
- Bind credential updates to workspace ownership in
`handleUpdateOAuthCredentials` to prevent cross-workspace OAuth
credential takeover (GHSA-3788-7276-x4j4)
- Require write access in `handleGetAccessToken` to prevent guest
members from obtaining Google Sheets OAuth tokens (GHSA-qjpp-9cqc-jhh8)
- Require write access in `handleListModels` to prevent guest members
from exfiltrating OpenAI API keys (GHSA-gc3v-9whw-6wjh)
- Remove deprecated unauthenticated upload endpoint that allowed
arbitrary S3 object writes (GHSA-m7f5-3wcm-x2c4)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 10:39:54 +02:00
builder 🐛 Fix credential access control and remove vulnerable S3 upload endpoint (#2459) 2026-04-15 10:39:54 +02:00
docs Add Ask Model action using OpenAI Responses API (#2455) 2026-04-13 14:02:35 +00:00
landing-page 📝 Update blog posts links (#2445) 2026-04-13 14:25:24 +02:00
viewer 🐛 Fix stored XSS via javascript: URI in bubble links (GHSA-hqmv-v56g-4m47) (#2435) 2026-04-07 17:46:09 +02:00
workflows ♻️ Remove shared-primitives package 2026-03-25 10:43:35 +01:00