You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
apps.json isolation: app users could read other apps' webhook tokens via shared www-data group membership. Introduced dedicated cipi-api group — only www-data (PHP-FPM) belongs to it, so app SSH users can no longer access /etc/cipi/apps.json
Changed
ensure_apps_json_api_access() now creates and uses a cipi-api group instead of relying on the www-data group directly
Migration 4.0.8.sh fixes permissions on existing servers and restarts PHP-FPM to pick up the new group
API .env now defaults to APP_ENV=production and APP_DEBUG=false on fresh install and upgrade
