issues Search Results · language:Dune language:JavaScript language:JavaScript language:Java language:JavaScript is:public
Filter by
33.3M results
DB durability/throughput issues confirmed against the live DB. Private review §C8, §C9, §C10.
- journal_mode is delete, not WAL (§C8) — db.rs:38-42 never sets it; PRAGMA journal_mode on prod returns ...
performance
Summary
The body-size guard in functions/_middleware.js reads the client-supplied Content-Length header to enforce a 1 MB limit.
Because this header is set by the caller, an attacker can omit it entirely ...
bug
priority:p2
security
loadDeal (useDealPractice.js:848-892) resets wrongStepIndices, studentBidStepIndices, promptHistory, observationId — but
not altStepIndices (set at :517). Private review §C4.
Effect: a student who picks ...
bug
Long-lived async bot loops write results into whatever deal is current when they resolve, with no cancellation token.
With BEN cold-start ~20s the race window is large. Private review §C3.
- Card play: ...
bug
Search before asking
- [x] I searched in the issues and found nothing similar.
Describe the bug
Hello, I originally raised issue https://github.com/FasterXML/jackson-databind/issues/1649 where
@JsonInclude(value=JsonInclude.Include.NON_EMPTY, ...
to-evaluate
useDataSync has four correctness bugs, all confirmed by reading the code. Detailed line refs in the private review §C1,
§C2, §C5, §C6.
1. Listener/interval stacking (§C1) — setupSyncTriggers() (useDataSync.js:359) ...
bug
Summary
/api/events/public parses the ?limit= query parameter without guarding against non-numeric input. Passing a non-numeric
string (e.g., ?limit=abc) causes parseInt() to return NaN, and Math.min(NaN, ...
bug
priority:p1
security
Apache Hop version?
2.19
Java version?
21
Operating system
Windows
What happened?
I have identified a possible issue in Apache Hop pipelines where steps that perform grouping, join, or lookup operations ...
awaiting triage
P3
Transforms
Read and admin endpoints currently return more than the caller should see and trust caller-supplied identifiers for
authorization. Track the move to per-caller scoping (the RSA-signed-request scheme already ...
security
Several backend write endpoints do not currently enforce the API-key check that the rest of the API uses, and one
identity-related endpoint accepts changes it shouldn t. Bring every mutating route under ...
security

Learn how you can use GitHub Issues to plan and track your work.
Save views for sprints, backlogs, teams, or releases. Rank, sort, and filter issues to suit the occasion. The possibilities are endless.Learn more about GitHub IssuesProTip! Restrict your search to the title by using the in:title qualifier.