upaas

History

clawbot 867cdf01ab fix: add ownership verification on env var, label, volume, and port deletion Verify that the resource's AppID matches the URL path app ID before allowing deletion. Without this check, any authenticated user could delete resources belonging to any app by providing the target resource's ID in the URL regardless of the app ID in the path (IDOR vulnerability). Closes #19		2026-02-15 21:02:46 -08:00
..
routes.go	fix: add ownership verification on env var, label, volume, and port deletion	2026-02-15 21:02:46 -08:00
server.go	Initial commit with server startup infrastructure	2025-12-29 15:46:03 +07:00