typebot.io/packages/blocks
Baptiste Arnaud 7ae4c007d0
🐛 Fix credential access control and remove vulnerable S3 upload endpoint (#2459)
- Bind credential updates to workspace ownership in
`handleUpdateOAuthCredentials` to prevent cross-workspace OAuth
credential takeover (GHSA-3788-7276-x4j4)
- Require write access in `handleGetAccessToken` to prevent guest
members from obtaining Google Sheets OAuth tokens (GHSA-qjpp-9cqc-jhh8)
- Require write access in `handleListModels` to prevent guest members
from exfiltrating OpenAI API keys (GHSA-gc3v-9whw-6wjh)
- Remove deprecated unauthenticated upload endpoint that allowed
arbitrary S3 object writes (GHSA-m7f5-3wcm-x2c4)

---------

Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-15 10:39:54 +02:00
base 🔧 Remove "baseUrl": "." from tsconfigs 2026-03-25 16:40:12 +01:00
bubbles 🔧 Remove "baseUrl": "." from tsconfigs 2026-03-25 16:40:12 +01:00
core 🔧 Remove "baseUrl": "." from tsconfigs 2026-03-25 16:40:12 +01:00
fileInput 🐛 Fix credential access control and remove vulnerable S3 upload endpoint (#2459) 2026-04-15 10:39:54 +02:00
inputs 🔧 Remove "baseUrl": "." from tsconfigs 2026-03-25 16:40:12 +01:00
integrations 🔧 Remove "baseUrl": "." from tsconfigs 2026-03-25 16:40:12 +01:00
logic 🔧 Remove "baseUrl": "." from tsconfigs 2026-03-25 16:40:12 +01:00
webhook 🔧 Remove "baseUrl": "." from tsconfigs 2026-03-25 16:40:12 +01:00