2124 Commits

Author	SHA1	Message	Date
shamoon	cc71aad058	Fix: suggest corrections only if visible results	2026-03-21 01:24:23 -07:00
shamoon	3cbdf5d0b7	Fix: require view permission for more-like search	2026-03-21 01:20:59 -07:00
shamoon	f84e0097e5	Fix validate document link targets	2026-03-21 00:55:36 -07:00
shamoon	9e9fc6213c	Resolve GHSA-96jx-fj7m-qh6x	2026-03-20 15:39:15 -07:00
Trenton H	0f7c02de5e	Fix: test: add regression test for workflow save clobbering filename (#12390) ... Add test_workflow_document_updated_does_not_overwrite_filename to verify that run_workflows (DOCUMENT_UPDATED path) does not revert a DB filename that was updated by a concurrent bulk_update_documents task's update_filename_and_move_files call. The test replicates the race window by: - Updating the DB filename directly (simulating BUD-1 completing) - Mocking refresh_from_db so the stale in-memory filename persists - Asserting the DB filename is not clobbered after run_workflows Relates to: https://github.com/paperless-ngx/paperless-ngx/issues/12386 Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-03-18 13:31:09 -07:00
shamoon	b6501b0c47	Fix: avoid moving files if already moved (#12389)	2026-03-18 09:51:48 -07:00
shamoon	87ebd13abc	Fix: remove pagination from document notes api spec (#12388)	2026-03-18 06:48:05 -07:00
shamoon	7942edfdf4	Fixhancement: only offer basic auth for appropriate requests (#12362)	2026-03-16 22:07:12 -07:00
shamoon	06b2d5102c	Fix GHSA-59xh-5vwx-4c4q	2026-03-15 17:13:08 -07:00
shamoon	60319c6d37	Fix: prevent stale db filename during workflow actions (#12289)	2026-03-09 19:32:46 -07:00
shamoon	615f27e6fb	Fix: support string coercion in filepath jinja templates (#12244)	2026-03-04 08:32:34 -08:00
shamoon	5b809122b5	Fix: apply ordering after annotating tag document count (#12238)	2026-03-04 00:33:13 -08:00
shamoon	8b8307571a	Fix: enforce path limit for db filename fields (#12235)	2026-03-03 13:19:56 -08:00
shamoon	c7f83212a3	Enforce on selection_data too	2026-02-28 01:27:40 -08:00
shamoon	b010f65ae7	Fix GHSA-386h-chg4-cfw9	2026-02-28 01:16:53 -08:00
shamoon	afaf39e43a	Fix/GHSA-x395-6h48-wr8v	2026-02-16 00:02:15 -08:00
shamoon	5b45b89d35	Performance fix: use subqueries to improve object retrieval in large installs (#11950)	2026-02-05 08:46:32 -08:00
shamoon	5cc3c087d9	Security: enforce ownership for permission updates	2026-01-30 13:55:55 -08:00
shamoon	c8c4c7c749	Security: enforce permissions for post_document	2026-01-30 12:14:18 -08:00
shamoon	e4b861d76f	Fix: prevent note deletion outside doc	2026-01-29 13:35:01 -08:00
shamoon	891f4a2faf	Fix: correctly extract all ids for nested tags (#11888)	2026-01-26 09:12:03 -08:00
shamoon	2312314aa7	Performance: improve treenode inefficiencies (#11606)	2026-01-25 21:47:08 -08:00
shamoon	72e8b73108	Fix test	2026-01-25 17:08:15 -08:00
shamoon	5c9ff367e3	Fixhancement: change date calculation for 'this year' to include future documents (#11884)	2026-01-25 16:56:51 -08:00
shamoon	32d04e1fd3	Fix: use correct field id for overrides (#11869)	2026-01-23 15:49:22 -08:00
shamoon	ecfeff5054	Chore: reverse migration order (#11813)	2026-01-18 11:21:35 -08:00
shamoon	742c136773	Fix: use explicit order field for workflow actions (#11781)	2026-01-16 07:39:00 -08:00
shamoon	6f4497185e	Fix merge conflict	2026-01-13 10:01:41 -08:00
shamoon	e816269db5	Fix: recurring workflow to respect latest run time (#11735)	2026-01-13 09:36:53 -08:00
shamoon	d4e60e13bf	Fixhancement: add error handling and retry when opening index (#11731)	2026-01-13 09:36:44 -08:00
shamoon	cb091665e2	Fix: validate cf integer values within PostgreSQL range (#11666)	2026-01-13 09:36:29 -08:00
shamoon	00bb92e3e1	Fix: support ordering by storage path name (#11661)	2026-01-13 09:36:14 -08:00
shamoon	11ec676909	Fix: propagate metadata override created value (#11659)	2026-01-13 09:36:07 -08:00
shamoon	7c457466b7	Security: prevent path traversal in storage paths	2026-01-13 09:29:48 -08:00
shamoon	078cba4bd1	Fix: allow safe <style> tags in SVG uploads (#11593)	2025-12-12 22:01:56 +00:00
Trenton H	d9a596d67a	Fix: Expanded SVG validation whitelist and additional checks (#11590)	2025-12-12 20:04:04 +00:00
shamoon	a1026f03db	Fix: use request.stream instead of request.content (#11591)	2025-12-12 19:50:14 +00:00
shamoon	d391fdec64	Resolve CodeQL warning	2025-12-12 09:39:56 -08:00
shamoon	9bdbfd362f	Merge commit from fork ... * Add safe regex matching with timeouts and validation * Remove redundant length check * Remove timeouterror workaround	2025-12-12 09:28:47 -08:00
shamoon	9ba1d93e15	Merge commit from fork ... * Uses a custom transport to resolve the slim chance of a DNS rebinding affecting the webhook * Fix WebhookTransport hostname resolution and validation * Fix test failures * Lint * Keep all internal logic inside WebhookTransport * Fix test failure * Update handlers.py * Update handlers.py --------- Co-authored-by: Trenton H <797416+stumpylog@users.noreply.github.com>	2025-12-12 09:28:17 -08:00
shamoon	3a1d33225e	Fixhancement: pass ordering to tag children (#11556)	2025-12-12 16:43:16 +00:00
shamoon	3b4d958b97	Performance: avoid unnecessary filename operations on bulk custom field updates (#11558)	2025-12-12 07:50:51 -08:00
shamoon	66d363bdc5	Chore: refactor workflows code (#11563)	2025-12-11 12:13:10 -08:00
shamoon	317f239d09	Fix: pass additional arguments to TagSerializer for permissions (#11576)	2025-12-10 08:38:28 -08:00
shamoon	128c3539d5	Chore: fix set_permissions_for_object type (#11564)	2025-12-10 00:12:40 +00:00
shamoon	8efc998687	Chore: refactor permission checks to use queryset.exists()	2025-12-08 15:53:10 -08:00
shamoon	0c43b50f01	Fix: change async handling of select custom field updates (#11490)	2025-11-30 03:54:15 +00:00
shamoon	27966858fd	Enhancement: add more relative dates, support modified (#11411)	2025-11-19 16:54:24 +00:00
shamoon	cf5ac596ed	Performance: make move files after select custom field change async (#11391)	2025-11-19 15:21:33 +00:00
david-loe	7b175ec1b3	Development: fix correct test delete select option (#11406)	2025-11-18 19:28:52 +00:00