dify/console at c2fcd2895bb296a941056fd967cfe44af3e1df24 - dify

History

QuantumGhost 874406d934 security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518 ) The `ChatMessageApi` (`POST /console/api/apps/{app_id}/chat-messages`) and `ModelConfigResource` (`POST /console/api/apps/{app_id}/model-config`) endpoints do not properly validate user permissions, allowing users without `editor` permission to access restricted functionality. This PR addresses this issue by adding proper permission check.		2025-09-11 14:53:35 +08:00
..
app	security(api): fix privilege escalation vulnerability in model config and chat message APIs (#25518 )	2025-09-11 14:53:35 +08:00
__init__.py	feat: Persist Variables for Enhanced Debugging Workflow (#20699 )	2025-06-24 09:05:29 +08:00