5656~~ ` getStats ` returns counts including unpublished articles without auth check.~~
5757Now requires ` requireUtCodeMember() ` auth check.
5858
59- ### MEDIUM: Storage upload lacks validation
59+ ### ~~ MEDIUM: Storage upload lacks validation~~ FIXED
6060
61- - ~~ No file size limit (DoS risk)~~ Client -side 10MB limit exists
62- - No MIME type whitelist (arbitrary file upload)
63- - ` folder ` parameter not validated (path injection)
64- - ✅ Client -side image compression added (max 1920px, JPEG quality 0.85 )
61+ - ~~ No file size limit (DoS risk)~~ Server -side 10MB limit + client-side validation
62+ - ~~ No MIME type whitelist (arbitrary file upload) ~~ MIME whitelist added (jpeg, png, webp, avif, heic, gif, tiff, svg, bmp )
63+ - ~~ ` folder ` parameter not validated (path injection)~~ Folder allowlist added
64+ - ✅ Server -side WebP compression via sharp (preserves SVG and animated GIF )
6565
6666### ~~ MEDIUM: Project role not validated~~ FIXED
6767
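Review bot: the MIME whitelist in the new line 62 includes `svg`, and the new line 64 says the server-side compression step preserves SVG, so SVG files pass through unprocessed; SVG is an XML format that may carry script, so the audit should record how uploaded SVGs are served (sanitized, or with a non-inline disposition / separate origin) before this item is marked FIXED rather than partial. The same two lines should also state whether the whitelist is enforced against the detected content (magic bytes) or only the client-supplied Content-Type, since the original finding was "arbitrary file upload" and a header-only check does not close it.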
@@ -84,11 +84,11 @@ GitHub org membership cached 24h. Removed members retain access.
8484| Priority | Issue | Fix | Status |
8585| ---------- | -------------- | ------------------------------------------------------- | ------- |
8686| ~~ HIGH~~ | stats endpoint | Add ` requireUtCodeMember() ` or filter to published only | ✅ DONE |
87- | MEDIUM | File upload | Add MIME whitelist, folder allowlist | Partial |
87+ | ~~ MEDIUM~~ | File upload | Add MIME whitelist, folder allowlist, WebP compression | ✅ DONE |
8888| ~~ MEDIUM~~ | Project role | Use ` v.picklist(["lead", "member"]) ` | ✅ DONE |
8989| LOW | Rate limiting | Add to public endpoints | TODO |
9090| LOW | Cache TTL | Reduce to 4h or add invalidation | TODO |
9191
9292## Audit Date
9393
94- 2024-12-15 (Updated: 2025-12-15 )
94+ 2024-12-15 (Updated: 2025-12-23 )
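Review bot: the "Cache TTL" row stays LOW / TODO, yet the hunk's own context line notes that org membership is cached 24h and removed members retain access, and the HIGH stats fix above now depends on `requireUtCodeMember()`; a removed member therefore keeps access to the unpublished-article counts for up to a day, so the table should either raise the Cache TTL priority or note that dependency next to the DONE status of the stats row. Also confirm the year in the audit-date line: "2024-12-15 (Updated: 2025-12-23)" puts the original audit a full year before this update.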