issues Search Results · language:Dune language:HTML language:JavaScript language:JavaScript language:Java language:Python

62.2M results  (831 ms)

Added SecurityHeadersMiddleware (X-Content-Type-Options, X-Frame-Options, Referrer-Policy). CORS now strips localhost/127.0.0.1 origins in production and never pairs allow_credentials with a wildcard. ...
backend
p2
security

Build Scans: - elasticsearch-intake #42575 / part4 - elasticsearch-pull-request #159689 / part-4 - elasticsearch-pull-request #159692 / part-4 - elasticsearch-pull-request #159689 / part-4 - ...
needs:risk
:SearchOrg/Inference
Team:Search - Inference
>test-failure

Config validation only checked for empty secrets, so a copied-but-unedited .env.example (change-me-...) would boot in production with a known signing secret. Fix: reject placeholder ( change-me / your- ...
backend
p1
security

Enhancement: Implement Router-First Execution and Selective Context Loading Summary Optimize Orchestra's execution pipeline by replacing the current full-context loading approach with a router-first ...
architecture
enhancement
governance
optimization
performance
routing

Description Background With jkube-images 0.0.28 released, several quickstart projects contain hardcoded references to outdated jkube-images versions (ranging from 0.0.13 to 0.0.25). These should be updated ...

get_client_id trusted the X-User-ID header (rotate to evade) and X-Forwarded-For unconditionally (spoof to evade IP limits). Fix: key on a hash of the caller's own session token (unforgeable); trust X-Forwarded-For ...
backend
p1
security

POST /scrape-job-description passed user URLs to httpx (follow_redirects=true) with no host validation — reachable: cloud metadata (169.254.169.254), localhost, RFC1918. Fix: transport-level SSRF guard ...
backend
p0
security

Goal Turn the aspirational fail_under=80 into a measured, enforced reality. Coverage tooling exists (pytest-cov, branch=true, fail_under=80, make test-cov) but is NEVER run automatically — CI is static/lint-only, ...

Background A review of the codebase surfaced five small issues — unnecessary indirection, hand-rolled patterns where idiomatic Python is shorter, and one architectural seam that leaks the wrong type through ...

_extract_token read the raw better-auth.session_token cookie which is token . signature and, over HTTPS, prefixed __Secure-. The DB stores only the token, so cookie-based auth never validated. Fix: strip ...
backend
p2
security