issues Search Results · language:Dune language:JavaScript language:JavaScript language:Java language:JavaScript language:C#
Problem
Multiple medium-security gaps:
- No HTTPS enforcement (server/index.js:26-28)
- DB file could be served via misconfigured static root (server/index.js:20-21)
- express.json() body size ...
priority:medium
security
Description
When clicking on the Documentation link in the website's navigation bar, the application redirects to the /docs route,
but the page returns a 404 Not Found error instead of displaying the ...
Orleans reference: dotnet/orleans#9038
Summary
Orleans request for a Redis Pub/Sub-backed stream provider (Orleans currently ships Event Hubs/SQS/etc. providers but no
plain Redis Pub/Sub option).
Why ...
area: streaming
enhancement
status: needs-design
Hardcoded config values. Externalize to env vars.
Generated for enterprise-scale GitHub performance testing.
Repository: qa-load-v2 Booster Run ID: boost-20260625-121619 Sequence: 456
P3-low
perf-test
Problem
Auto-increment INTEGER PRIMARY KEY IDs are trivially enumerable. Attackers can guess/iterate resource IDs.
Scope
- Change all ID columns to UUID (TEXT) in schema
- Generate UUIDs server-side ...
priority:high
security
Orleans reference: dotnet/orleans#5772
Summary
Orleans discussion thread (50 combined reactions/comments) on F# ergonomics — Orleans codegen and grain conventions lean
heavily on C#-specific patterns. ...
area: codegen
enhancement
status: needs-design
Problem
No security headers set. Missing X-Content-Type-Options, X-Frame-Options, Strict-Transport-Security,
Content-Security-Policy, Referrer-Policy.
Scope
- Add helmet middleware to server/index.js ...
priority:high
security
Orleans reference: dotnet/orleans#447, dotnet/orleans#446
Summary
Orleans request (2015) for a single writer, multiple readers grain pattern / state replication — one authoritative
activation handles ...
area: persistence
enhancement
status: needs-design
Problem
CORS is wide-open (cors() with no options) at server/index.js:12. Any origin can call every API endpoint. Combined with
no CSRF protection, any malicious page can forge state-changing requests. ...
priority:critical
security
