09645d8641
Security fixes: - Remove WS token from plaintext log output (ws_universal.rs) - Replace weak LCG PRNG with rand::thread_rng() for access key generation - Add project membership check to issue triage endpoint (prevent unauthorized AI usage) - Validate deepLinkUrl to prevent javascript: navigation (XSS defense-in-depth) Data integrity fixes: - Fix UUID truncation in AI model sync (as_u128() as i64 -> timestamp_millis) - Wrap PR cascade delete in database transaction - Add missing cascade deletes for room_message_reaction, room_message_edit_history, room_notifications - Fix N+1 query for last_commit_times (single grouped query instead of per-repo) Panic prevention: - Replace unwrap() with safe fallbacks in health/metrics endpoints (email, git-hook apps) - Replace unwrap() in access key scopes serialization - Replace expect() in tool executor result map with synthetic error - Replace expect() in log level parsing with default fallback Logic bugs: - Fix users_online metric double-decrement (decrement only when count reaches 0) - Fix Map iteration + deletion bug in universal-ws.ts onclose handler - Fix stale audioStream reference in catch block (use local stream variable) - Add missing reInit event cleanup in carousel.tsx - Fix email retry backoff integer overflow ((1 << i) as u64 -> 1u64 << i) React fixes: - Use message.id instead of index as key in message-list - Add audio stream cleanup on unmount in use-audio-recording |
||
|---|---|---|
| .. | ||
| agent | ||
| agent-tool-derive | ||
| api | ||
| avatar | ||
| config | ||
| db | ||
| fctool | ||
| frontend | ||
| git | ||
| migrate | ||
| models | ||
| observability | ||
| queue | ||
| room | ||
| rpc | ||
| service | ||
| session | ||
| session_manager | ||
| transport | ||
| webhook | ||