Skip to content

Fix security advisory issues#227

Open
roncodes wants to merge 9 commits into
mainfrom
feature/security-advisory-fixes
Open

Fix security advisory issues#227
roncodes wants to merge 9 commits into
mainfrom
feature/security-advisory-fixes

Conversation

@roncodes

Copy link
Copy Markdown
Member

Summary

  • harden company user roster lookup against cross-tenant access
  • minimize public organization listing and auth organization serialization
  • block generic login identity mutation while adding verified admin/self-service email change flows
  • tighten reset, email verification, and email-change verification code handling

Validation

  • php -l on touched PHP files
  • php-cs-fixer dry-run on touched PHP files
  • git diff --check

Full backend test suite was not run because the existing Pest harness is currently blocked by the pre-existing Tests\TestCase issue.

@roncodes roncodes force-pushed the feature/security-advisory-fixes branch from 85eca00 to 05d3b1d Compare July 16, 2026 07:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant