nordabiz/blueprints
Maciej Pienczyn e718d96a7d
fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review
- HIGH: Fix SQL injection in ZOPK knowledge service (3 functions) — replace f-strings with parameterized queries
- MEDIUM: Sanitize tsquery/LIKE input in SearchService to prevent injection
- MEDIUM: Add @login_required + @role_required(ADMIN) to /health/full endpoint
- MEDIUM: Add @role_required(ADMIN) to ZOPK knowledge search API
- MEDIUM: Add bleach HTML sanitization on write for announcements, events, board proceedings (stored XSS via |safe)
- MEDIUM: Remove partial API key from Gemini service logs
- MEDIUM: Remove @csrf.exempt from chat endpoints, add X-CSRFToken headers in JS
- MEDIUM: Add missing CSRF tokens to 3 POST forms (data_request, benefits_form, benefits_list)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 05:25:18 +01:00
admin fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review 2026-02-06 05:25:18 +01:00
api refactor(rbac): Migrate legacy is_admin checks to role-based has_role()/set_role() 2026-02-05 21:06:22 +01:00
audit refactor: Migrate access control from is_admin to role-based system 2026-02-01 21:05:22 +01:00
auth fix: Use correct field name is_verified instead of email_verified 2026-02-02 13:19:54 +01:00
benefits feat: Add member benefits module with WisprFlow affiliate 2026-02-02 22:26:44 +01:00
board fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review 2026-02-06 05:25:18 +01:00
chat fix(security): Resolve 1 HIGH and 7 MEDIUM vulnerabilities from code review 2026-02-06 05:25:18 +01:00
community feat: Add event access control for Rada Izby meetings 2026-02-03 12:41:42 +01:00
education fix: Removed placeholder video "Jak korzystać z NordaGPT" from Akademia 2026-01-30 20:35:01 +01:00
forum feat(forum): Add email notifications for replies + custom tooltips 2026-02-06 04:10:47 +01:00
it_audit refactor: Migrate access control from is_admin to role-based system 2026-02-01 21:05:22 +01:00
membership refactor(rbac): Migrate legacy is_admin checks to role-based has_role()/set_role() 2026-02-05 21:06:22 +01:00
messages security: Restrict member-only features to MEMBER role 2026-02-01 21:33:27 +01:00
public feat(admin): Add permanent delete for archived companies + update release notes 2026-02-05 08:00:30 +01:00
reports refactor(phase1): Extract blueprints for reports, contacts, classifieds, calendar 2026-01-27 10:10:45 +01:00
__init__.py feat: Add Strefa RADA - closed section for Board Council members 2026-02-03 18:41:12 +01:00
CLAUDE.md fix: Rename pkd_codes column to ceidg_pkd_list to avoid backref conflict 2026-02-01 07:22:32 +01:00