discourse/plugins/discourse-data-explorer/app
Bannon Tanner 44bac11628
SECURITY: Group report details expose raw Data Explorer SQL to non-admin group members (#40919)
## Summary

Prevent the exposure of raw Data Explorer SQL to non-admin group members
when viewing report details. The sql attribute is now correctly gated to
administrators within the query details serializer.

## Source

- Patch Triage: https://patch.discourse.org/patch-triage/1290
- Affected file: https://github.com/discourse/discourse/blob/main/plugins/discourse-data-explorer/app/serializers/discourse_data_explorer/query_details_serializer.rb

---

🤖 Auto-generated from the patch diff via Patch Triage. Review carefully
before merging.

Co-authored-by: discourse-patch-triage <272280883+discourse-patch-triage[bot]@users.noreply.github.com>
2026-06-16 13:46:19 -05:00

| Name | Last commit | Date |
| --- | --- | --- |
| controllers/discourse_data_explorer | UX: Data explorer improvements (#40605) | 2026-06-05 19:31:37 +08:00 |
| jobs | DEV: Switch DE agent to use tools for structure and accuracy (#40315) | 2026-06-03 22:08:44 +08:00 |
| models/discourse_data_explorer | FEATURE: Customisable Reports section on the new admin dashboard (#40264) | 2026-05-25 13:55:25 +03:00 |
| serializers/discourse_data_explorer | SECURITY: Group report details expose raw Data Explorer SQL to non-admin group members (#40919) | 2026-06-16 13:46:19 -05:00 |