Skip to content

0.9.1#196

Merged
Polliog merged 12 commits intomainfrom
develop
Apr 13, 2026
Merged

0.9.1#196
Polliog merged 12 commits intomainfrom
develop

Conversation

@Polliog
Copy link
Copy Markdown
Collaborator

@Polliog Polliog commented Apr 13, 2026

This pull request is a patch release (0.9.1) focused on fixing a wide range of bugs, improving validation, and enhancing reliability across the backend. Key areas addressed include organization ID handling, improved schema validation, transactional safety for invitations, more robust log retrieval, and better input validation for IDs, limits, and dates. There are also several updates to documentation and version numbers to reflect the new release.

Bug Fixes and Reliability Improvements

  • Fixed organization ID handling in identifier pattern update/delete routes to fall back to the user's first organization if not explicitly provided, aligning with GET/POST behavior. [1] [2]
  • Invitation acceptance is now race-condition safe: membership creation and invitation acceptance are handled in a transaction, with proper handling of concurrent requests and unique constraint violations. [1] [2]
  • Exception log viewer now correctly fetches logs for error groups spanning multiple projects by grouping log IDs by project and issuing separate queries per project. [1] [2]
  • Monitoring and alert routes now validate and clamp limit/offset query parameters to prevent negative or invalid values from reaching the database.
  • Added explicit UUID validation for route parameters and improved schema for date-time fields, including defensive handling of invalid date strings in correlation routes. [1] [2]

Input Validation and Security

  • Added allowlists for SQL sort fields/directions to prevent injection via user-controlled sortBy/sortOrder parameters. (see changelog, CHANGELOG.mdR9-R38)
  • HTTP monitor body assertion regex is now validated with safe-regex2 and compile errors are caught to prevent ReDoS attacks. (packages/backend/src/modules/monitoring/checker.tsR3, see changelog)
  • Log ingestion and parsing now handle null/boolean/empty log levels more robustly and return correct counts. [1] [2]

Schema and API Consistency

  • Project rename now accepts null for descriptions by using z.string().nullable().optional(), matching database behavior. (see changelog, CHANGELOG.mdR9-R38)
  • Pipeline create/preview/import routes now merge organizationId from query params into the request body before validation, ensuring compatibility with frontend requests. [1] [2] [3]

Documentation and Version Updates

  • Updated README.md and package.json files to reflect version 0.9.1 and document new features and fixes. [1] [2] [3] [4] [5]
  • Added a detailed changelog for 0.9.1 summarizing all major fixes and improvements.

Closes: #193, Closes: #194, Closes: #195

polliog and others added 11 commits April 13, 2026 12:57
fix: URL encode tokens and rule IDs in redirects to prevent navigatio…
f8ff4ee 
…n issues
fix: fallback to user's first organization when organizationId is not…
d3e7d19 
… specified in PUT and DELETE routes
fix log-pipeline create/preview/import: read organizationId from que…
6f01a31 
…ry param (#193, #194)
fix project rename: accept null description in update schema (#195)
4a1c8ab
@Polliog
fix: URL encode tokens and rule IDs in redirects to prevent navigatio…
3bb186b 
…n issues
@Polliog
fix: fallback to user's first organization when organizationId is not…
cc120be 
… specified in PUT and DELETE routes
@Polliog
fix log-pipeline create/preview/import: read organizationId from que…
453a866 
…ry param (#193, #194)
@Polliog
fix project rename: accept null description in update schema (#195)
946f647
@Polliog
Merge remote-tracking branch 'origin/develop' into develop
94f7e22
@Polliog
Merge branch 'main' into develop
5d66583
@Polliog
chore: bump version to 0.9.1 in package.json and update release notes
d984868
github-code-quality[bot]
github-code-quality Bot found potential problems Apr 13, 2026
View reviewed changes
Comment thread packages/reservoir/src/engines/timescale/query-translator.ts Fixed
@codecov
Copy link
Copy Markdown

codecov Bot commented Apr 13, 2026
edited
Loading

Codecov Report

❌ Patch coverage is 82.75862% with 45 lines in your changes missing coverage. Please review.

Files with missing lines Patch % Lines
...ackages/backend/src/modules/invitations/service.ts 66.66% 9 Missing ⚠️
...ackages/backend/src/modules/pii-masking/service.ts 22.22% 7 Missing ⚠️
packages/backend/src/modules/query/routes.ts 0.00% 7 Missing ⚠️
packages/backend/src/modules/monitoring/routes.ts 87.23% 6 Missing ⚠️
...ages/backend/src/modules/sigma/detection-engine.ts 14.28% 6 Missing ⚠️
packages/backend/src/modules/correlation/routes.ts 61.53% 5 Missing ⚠️
packages/backend/src/modules/users/service.ts 25.00% 3 Missing ⚠️
...kages/backend/src/modules/organizations/service.ts 93.10% 2 Missing ⚠️

📢 Thoughts on this report? Let us know!

@Polliog
fix unused idx assignment, add tests for coverage
77c4d7d 
- remove unused idx reassignment in query-translator translateDelete
- add tests for invalid UUID params in monitoring routes
- add tests for parsePositiveInt edge cases
- add tests for null status recovery in monitoring service
- add test for invalid referenceTime in correlation routes
@Polliog Polliog merged commit a6642aa into main Apr 13, 2026
10 of 15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@github-code-quality github-code-quality[bot] github-code-quality[bot] left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

1 participant

@Polliog