[PR #2904] [MERGED] Patch unauthorized access to other user's pfps #4172

Closed
opened 2026-02-22 18:35:17 -05:00 by yindo · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/Mintplex-Labs/anything-llm/pull/2904
Author: @shatfield4
Created: 12/26/2024
Status: Merged
Merged: 12/30/2024
Merged by: @timothycarambat

Base: masterHead: patch-load-other-user-pfps


📝 Commits (3)

  • d963b91 patch unauthorized viewing of other user's pfps
  • e9ab16a Merge branch 'master' into patch-load-other-user-pfps
  • 906ba99 inline return responses

📊 Changes

1 file changed (+6 additions, -12 deletions)

View changed files

📝 server/endpoints/system.js (+6 -12)

📄 Description

Pull Request Type

  • feat
  • 🐛 fix
  • ♻️ refactor
  • 💄 style
  • 🔨 chore
  • 📝 docs

Relevant Issues

resolves #xxx

What is in this change?

  • Fixes a bug allowing an authenticated user to have unauthorized access to other user's profile images

Additional Information

Developer Validations

  • I ran yarn lint from the root of the repo & committed changes
  • Relevant documentation has been updated
  • I have tested my code functionality
  • Docker build succeeds locally

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/Mintplex-Labs/anything-llm/pull/2904 **Author:** [@shatfield4](https://github.com/shatfield4) **Created:** 12/26/2024 **Status:** ✅ Merged **Merged:** 12/30/2024 **Merged by:** [@timothycarambat](https://github.com/timothycarambat) **Base:** `master` ← **Head:** `patch-load-other-user-pfps` --- ### 📝 Commits (3) - [`d963b91`](https://github.com/Mintplex-Labs/anything-llm/commit/d963b91cfd03a3ca7fb5f131607352d748407593) patch unauthorized viewing of other user's pfps - [`e9ab16a`](https://github.com/Mintplex-Labs/anything-llm/commit/e9ab16afae96b2a9f2b78cc32e359dec814dbbc2) Merge branch 'master' into patch-load-other-user-pfps - [`906ba99`](https://github.com/Mintplex-Labs/anything-llm/commit/906ba99e00b4812b858ec99f99c234d612f17d9e) inline return responses ### 📊 Changes **1 file changed** (+6 additions, -12 deletions) <details> <summary>View changed files</summary> 📝 `server/endpoints/system.js` (+6 -12) </details> ### 📄 Description ### Pull Request Type <!-- For change type, change [ ] to [x]. --> - [ ] ✨ feat - [x] 🐛 fix - [ ] ♻️ refactor - [ ] 💄 style - [ ] 🔨 chore - [ ] 📝 docs ### Relevant Issues <!-- Use "resolves #xxx" to auto resolve on merge. Otherwise, please use "connect #xxx" --> resolves #xxx ### What is in this change? <!-- Describe the changes in this PR that are impactful to the repo. --> - Fixes a bug allowing an authenticated user to have unauthorized access to other user's profile images ### Additional Information <!-- Add any other context about the Pull Request here that was not captured above. --> ### Developer Validations <!-- All of the applicable items should be checked. --> - [x] I ran `yarn lint` from the root of the repo & committed changes - [x] Relevant documentation has been updated - [x] I have tested my code functionality - [x] Docker build succeeds locally --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
yindo added the pull-request label 2026-02-22 18:35:17 -05:00
yindo closed this issue 2026-02-22 18:35:17 -05:00
yindo changed title from [PR #2904] Patch unauthorized access to other user's pfps to [PR #2904] [MERGED] Patch unauthorized access to other user's pfps 2026-06-05 15:17:12 -04:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: Mintplex-Labs/anything-llm#4172