Skip to content

[PM-35066] - remove legacy collections endpoint#7520

Open
jaasen-livefront wants to merge 1 commit intomainfrom
PM-35066
Open

[PM-35066] - remove legacy collections endpoint#7520
jaasen-livefront wants to merge 1 commit intomainfrom
PM-35066

Conversation

@jaasen-livefront
Copy link
Copy Markdown
Collaborator

@jaasen-livefront jaasen-livefront commented Apr 21, 2026
edited by atlassian Bot
Loading

🎟️ Tracking

https://bitwarden.atlassian.net/browse/PM-35066

📔 Objective

Removes the legacy v1 PUT /api/ciphers/{id}/collections endpoint and its POST alias POST /api/ciphers/{id}/collections from CiphersController.

These endpoints were identified as still reachable during investigation of VULN-514. While the vulnerability itself was not deemed a security issue, the endpoints were flagged for removal. They are superseded by the v2 endpoint PUT /api/ciphers/{id}/collections_v2 (PutCollections_vNext), which remains intact.

@jaasen-livefront jaasen-livefront requested a review from a team as a code owner April 21, 2026 22:31
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 21, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailsd87bd94c-d958-4b7c-8be0-3d53974d5718

Fixed Issues (5) Great job! The following issues were fixed in this Pull Request
Severity Issue Source File / Package
MEDIUM CSRF src/Identity/Controllers/AccountsController.cs: 138
MEDIUM CSRF src/Api/Vault/Controllers/CiphersController.cs: 763
MEDIUM CSRF src/Api/Vault/Controllers/CiphersController.cs: 763
MEDIUM CSRF src/Api/Vault/Controllers/CiphersController.cs: 763
MEDIUM CSRF src/Api/Vault/Controllers/CiphersController.cs: 763

@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 21, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 59.14%. Comparing base (55d5f55) to head (4fb318c).
⚠️ Report is 8 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #7520      +/-   ##
==========================================
+ Coverage   59.10%   59.14%   +0.04%     
==========================================
  Files        2078     2077       -1     
  Lines       91697    91832     +135     
  Branches     8150     8174      +24     
==========================================
+ Hits        54194    54315     +121     
- Misses      35572    35585      +13     
- Partials     1931     1932       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@jaasen-livefront jaasen-livefront requested review from a team as code owners April 22, 2026 00:27
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 22, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@dani-garcia dani-garcia dani-garcia approved these changes

@shane-melton shane-melton shane-melton approved these changes

@mkincaid-bw mkincaid-bw mkincaid-bw approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jaasen-livefront @dani-garcia @shane-melton @mkincaid-bw