dkatzz

Results 45 issues of dkatzz

When I try to set enable_autoscaling to false, I get an error: │ Error: Unsupported argument │ │ on app.tf line 378, in module "ecs_fargate_service": │ 378: enable_autoscaling = false...

bug

**Describe the bug** When APPLICATION_EXPORTABLE flag is turned on, applicants are able to download a PDF of their application after submitting. If the program includes a file upload question, there...

bug
needs-triage

**Describe the bug** CiviForm admins that are allowed to review programs through the ALLOW_CIVIFORM_ADMIN_ACCESS_PROGRAMS flag are not able to download files from programs. **To Reproduce** Steps to reproduce the behavior:...

bug
needs-triage

**Describe the bug** By manipulating the program ID within the URL (https://staging-aws.civiform.dev/programs//review), applicants can access and submit data to programs even if they are not public to the applicant (Hidden from...

bug
PM Review

**Describe the bug** For developers working in VS Code, routes don't get resolved, so there are red lines under any routes, which makes it look like something is wrong in the...

infrastructure

**Describe the bug** The member addition functionality for intermediary groups does not enforce a non-null check. This permits the submission of empty values. **To Reproduce** Steps to reproduce the behavior:...

bug

**Describe the bug** The program's image upload functionality relies on client-side file type checks, which can be bypassed. This allows an attacker to upload potentially harmful files disguised with permitted...

bug
needs-triage
security

**Describe the bug** The application's administrative interface lacks proper rendering and layout handling for exceptionally long 'Name' field entries like `#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041#0000108&#0000101&#0000114&#0000116&#0000040&#0000039&#0000088&#0000083&#0000083&#0000039&#0000041>`. This leads to horizontal overflow, impairing administrative usability **To...

bug

**Describe the bug** The application is susceptible to a payload injection in the 'Name' fields. An attacker could insert a payload like \, triggering server errors during PDF export and...

bug
security

**Describe the bug** The program's email field functionality relies on client-side file type checks, which can be bypassed by modifying the value within the submitted request, compromising the integrity of...

bug