|
|
7c83a9e168
|
fix(security): Resolve 21 SQL injection vulnerabilities and add transactions
Security fixes (v1.2.2):
- Fix SQL injection in analytics.ts (16 occurrences)
- Fix SQL injection in advanced-search.ts (1 occurrence)
- Fix SQL injection in search-queries.ts (1 occurrence)
- Add validateDaysInterval(), isValidISODate(), validatePeriod() to security.ts
- Use make_interval(days => N) for safe PostgreSQL intervals
- Validate UUIDs BEFORE string construction
Transaction support:
- bulk-operations.ts: 6 atomic operations with withTransaction()
- desk-sync.ts: 2 operations with transactions
- export-import.ts: 1 operation with transaction
Rate limiting:
- Add automatic cleanup of expired entries (every 5 minutes)
Audit:
- Archive previous audit docs to docs/audits/2026-01-31-v1.2.1/
- Create new AUDIT-REQUEST.md for v1.2.2 verification
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-01-31 14:47:41 +00:00 |
|
|
|
83b70f557e
|
feat: Add 52 new tools bringing total to 160
New modules (11):
- teams.ts (5 tools): Team/workspace management
- integrations.ts (6 tools): External integrations (Slack, embeds)
- notifications.ts (4 tools): User notification management
- subscriptions.ts (4 tools): Document subscription management
- templates.ts (5 tools): Document template management
- imports-tools.ts (4 tools): Import job management
- emojis.ts (3 tools): Custom emoji management
- user-permissions.ts (3 tools): Permission management
- bulk-operations.ts (6 tools): Batch operations
- advanced-search.ts (6 tools): Faceted search, recent, orphaned, duplicates
- analytics.ts (6 tools): Usage statistics and insights
Updated:
- src/index.ts: Import and register all new tools
- src/tools/index.ts: Export all new modules
- CHANGELOG.md: Version 1.2.0 entry
- CLAUDE.md: Updated tool count to 160
- CONTINUE.md: Updated state documentation
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
|
2026-01-31 13:53:27 +00:00 |
|
