Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fixed vulnerability issue with author role #2394

Merged
merged 1 commit into from
Oct 7, 2024
Merged

Fixed vulnerability issue with author role #2394

merged 1 commit into from
Oct 7, 2024

Conversation

girishpanchal30
Copy link
Contributor

Closes https://github.com/Codeinwp/otter-internals/issues/237

Summary

Resolved a broken access control vulnerability issue.

Checklist before the final review

  • Included E2E or unit tests for the changes in this PR.
  • Visual elements are not affected by independent changes.
  • It is at least compatible with the minimum WordPress version.
  • It loads additional script in frontend only if it is required.
  • Does not impact the Core Web Vitals.
  • In case of deprecation, old blocks are safely migrated.
  • It is usable in Widgets and FSE.
  • Copy/Paste is working if the attributes are modified.
  • PR is following the best practices

@girishpanchal30 girishpanchal30 added the pr-checklist-skip Allow this Pull Request to skip checklist. label Oct 3, 2024
@pirate-bot pirate-bot added the pr-checklist-complete The Pull Request checklist is complete. (automatic label) label Oct 3, 2024
@pirate-bot
Copy link
Contributor

Plugin build for e630d36 is ready 🛎️!

HardeepAsrani
HardeepAsrani approved these changes Oct 3, 2024
View reviewed changes
Copy link
Member

@HardeepAsrani HardeepAsrani left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In terms of changes, it's fine. What we must do during QA is make sure Authors who can publish posts don't face issues with CSS of their posts not being generated.

@vytisbulkevicius vytisbulkevicius merged commit 9d5a78a into development Oct 7, 2024
10 of 13 checks passed
@vytisbulkevicius vytisbulkevicius deleted the vulnerability-237 branch October 7, 2024 13:40
@pirate-bot
Copy link
Contributor

🎉 This PR is included in version 3.0.4 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

@pirate-bot pirate-bot added the released Indicate that an issue has been resolved and released in a particular version of the product. label Oct 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@HardeepAsrani HardeepAsrani HardeepAsrani approved these changes

Assignees
No one assigned
Labels
pr-checklist-complete The Pull Request checklist is complete. (automatic label) pr-checklist-skip Allow this Pull Request to skip checklist. released Indicate that an issue has been resolved and released in a particular version of the product.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@girishpanchal30 @pirate-bot @HardeepAsrani @vytisbulkevicius