Merge branch 'develop' into chore/rails-update

README.md

@@ -91,7 +91,10 @@ Follow this [link](https://www.chatwoot.com/docs/environment-variables) to under
 Please follow [deployment architecture guide](https://www.chatwoot.com/docs/deployment/architecture) to deploy with Docker or Caprover.
 
 ---
+#### Security
+Looking to report a vulnerability? Please refer our [SECURITY.md](./SECURITY.md) file.
 
+---
 ### Contributors ✨
 
 Thanks goes to all these [wonderful people](https://www.chatwoot.com/docs/contributors):

SECURITY.md

@@ -1,8 +1,31 @@
 # Security Policy
+Chatwoot is looking forward to working with security researchers across the world to keep Chatwoot and our users safe. If you have found an issue in our systems/applications, please reach out to us.
 
 ## Reporting a Vulnerability
 
 We use [huntr.dev](https://huntr.dev/) for security issues that affect our project. If you believe you have found a vulnerability, please disclose it via this [form](https://huntr.dev/bounties/disclose). 
+
 This will enable us to review the vulnerability, fix it promptly, and reward you for your efforts.
 
-If you have any questions about the process, feel free to reach out to hello@chatwoot.com.
+If you have any questions about the process, feel free to reach out to security@chatwoot.com.
+
+
+## Out of scope
+
+Please do not perform testing against Chatwoot production services. Use a self hosted instance to perform tests.
+
+We consider the following to be out of scope, though there may be exceptions.
+
+- Missing HTTP security headers
+- Self XSS
+- HTTP Host Header XSS without working proof-of-concept
+- Incomplete/Missing SPF/DKIM
+- Denial of Service attacks
+- DNSSEC
+- Social Engineering attacks
+
+If you are not sure about the scope, please create a report.
+
+## Thanks
+
+Thank you for keeping Chatwoot and our users safe. 🙇

app/javascript/dashboard/assets/scss/widgets/_conversation-card.scss

@@ -90,11 +90,6 @@
       font-size: $font-size-mini;
       vertical-align: top;
     }
-
-    .message-from-agent {
-      color: $color-gray;
-      font-size: $font-size-mini;
-    }
   }
 
   .conversation--meta {

app/javascript/dashboard/components/widgets/conversation/ConversationCard.vue

@@ -26,7 +26,12 @@
         {{ currentContact.name }}
       </h4>
       <p v-if="lastMessageInChat" class="conversation--message">
-        <i v-if="messageByAgent" class="ion-ios-undo message-from-agent"></i>
+        <i v-if="isMessagePrivate" class="ion-locked last-message-icon" />
+        <i v-else-if="messageByAgent" class="ion-ios-undo last-message-icon" />
+        <i
+          v-else-if="isMessageAnActivity"
+          class="ion-information-circled last-message-icon"
+        />
         <span v-if="lastMessageInChat.content">
           {{ parsedLastMessage }}
         </span>
@@ -144,6 +149,18 @@ export default {
       return messageType === MESSAGE_TYPE.OUTGOING;
     },
 
+    isMessageAnActivity() {
+      const lastMessage = this.lastMessageInChat;
+      const { message_type: messageType } = lastMessage;
+      return messageType === MESSAGE_TYPE.ACTIVITY;
+    },
+
+    isMessagePrivate() {
+      const lastMessage = this.lastMessageInChat;
+      const { private: isPrivate } = lastMessage;
+      return isPrivate;
+    },
+
     parsedLastMessage() {
       const { content_attributes: contentAttributes } = this.lastMessageInChat;
       const { email: { subject } = {} } = contentAttributes || {};
@@ -230,4 +247,9 @@ export default {
     font-size: var(--font-size-mini);
   }
 }
+
+.last-message-icon {
+  color: var(--s-600);
+  font-size: var(--font-size-mini);
+}
 </style>