🐛 Bugfixes
- enhance file deletion and access control in file API 8f85815
- implement access control for note comments 7f9c61e
🔧 Chores
🔍 Other Changes
- [ci skip] Update version to 1.8.3 31bd9c2
- Merge pull request #1089 by blinko-space from blinkospace/fix/security-vulnerabilities-1.8.4 4623dd0
- [ci skip] Update version to 1.8.4 9819e8a
馃悰fix
- prevent path traversal attack in file API (GHSA-hrwx-rhrx-f9mm) c488510
- prevent command injection in MCP servers and fix IDOR in user detail endpoint bef6b77
- prevent privilege escalation in upsertUser endpoint (GHSA-r3mv-q7ww-86p6) 3afbdf4
- prevent arbitrary file write in saveAdditionalDevFile endpoint (GHSA-38hg-8p2j-76g5) 02a4205
- prevent path traversal file enumeration in musicMetadata endpoint (GHSA-5x64-pmfq-pw7q) 9d6fa80
- prevent unauthorized user information disclosure in publicUserList (GHSA-446p-2xf5-frxf) ec1e3e2