issues Search Results · language:Dune language:JavaScript language:JavaScript language:Java language:JavaScript is:public

33.3M results  (661 ms)

DB durability/throughput issues confirmed against the live DB. Private review §C8, §C9, §C10. - journal_mode is delete, not WAL (§C8) — db.rs:38-42 never sets it; PRAGMA journal_mode on prod returns ...
performance

Summary The body-size guard in functions/_middleware.js reads the client-supplied Content-Length header to enforce a 1 MB limit. Because this header is set by the caller, an attacker can omit it entirely ...
bug
priority:p2
security

loadDeal (useDealPractice.js:848-892) resets wrongStepIndices, studentBidStepIndices, promptHistory, observationId — but not altStepIndices (set at :517). Private review §C4. Effect: a student who picks ...
bug

Long-lived async bot loops write results into whatever deal is current when they resolve, with no cancellation token. With BEN cold-start ~20s the race window is large. Private review §C3. - Card play: ...
bug

Search before asking - [x] I searched in the issues and found nothing similar. Describe the bug Hello, I originally raised issue https://github.com/FasterXML/jackson-databind/issues/1649 where @JsonInclude(value=JsonInclude.Include.NON_EMPTY, ...
to-evaluate

useDataSync has four correctness bugs, all confirmed by reading the code. Detailed line refs in the private review §C1, §C2, §C5, §C6. 1. Listener/interval stacking (§C1) — setupSyncTriggers() (useDataSync.js:359) ...
bug

Summary /api/events/public parses the ?limit= query parameter without guarding against non-numeric input. Passing a non-numeric string (e.g., ?limit=abc) causes parseInt() to return NaN, and Math.min(NaN, ...
bug
priority:p1
security

Apache Hop version? 2.19 Java version? 21 Operating system Windows What happened? I have identified a possible issue in Apache Hop pipelines where steps that perform grouping, join, or lookup operations ...
awaiting triage
P3
Transforms

Read and admin endpoints currently return more than the caller should see and trust caller-supplied identifiers for authorization. Track the move to per-caller scoping (the RSA-signed-request scheme already ...
security

Several backend write endpoints do not currently enforce the API-key check that the rest of the API uses, and one identity-related endpoint accepts changes it shouldn't. Bring every mutating route under ...
security