Stanislas Polu
Stanislas Polu
## Description Fixes https://github.com/dust-tt/dust/issues/12145 HTML escape user submitted elements that can be sent over email with customer.io   ## Tests Tested locally ##...
H1 report: https://hackerone.com/bugs?subject=user&report_id=3103475 Using workspace name `test` will inject the HTML in customer.io emails body including the Welcome to Dust email. This can be used to temper with our email...
Data source creation can circumvent plan limits with concurrent requests. H1 report: https://hackerone.com/bugs?subject=user&report_id=3104355
H1 report: https://hackerone.com/bugs?subject=user&report_id=3112106 99% it's not possible to call an agent you don't have access to by sId mention but we definitely want to double check as well (we surely...
https://app.datadoghq.eu/logs?query=%22Query%20uses%20tables%20that%20are%20not%20allowed%22&agg_m=count&agg_m_source=base&agg_t=count&clustering_pattern_field_path=message&cols=host%2Cservice&event=AwAAAZW5GvMactcShQAAABhBWlc1R3dCakFBRGFTUUR5LWlxNWhRRGMAAAAkMDE5NWI5MWItMDU2My00OWQxLTgzMzQtYTY5OTM0NzdiOGY3AAAYFQ&fromUser=true&messageDisplay=inline&refresh_mode=sliding&storage=hot&stream_sort=desc&viz=stream&from_ts=1742461205528&to_ts=1742475605528&live=true https://dust4ai.slack.com/archives/C050A0S2Z7F/p1742550562607929
Similar to tables upsert, move to using the fileAPI for document upserts (sections)