docs(issues): mark ISSUE-001 and ISSUE-002 resolved, update index

Both dispute privilege-escalation issues fixed in backend disputeRoutes.ts.
Index updated: 51 open (12 critical), 2 resolved.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Siavash Sameni
2026-05-29 15:58:30 +04:00
parent c6bbb4bdcb
commit 12348ebb80
3 changed files with 7 additions and 3 deletions

View File

@@ -4,7 +4,9 @@ title: "PATCH /api/disputes/:id/status and POST /api/disputes/:id/resolve have n
severity: critical severity: critical
domain: Dispute domain: Dispute
labels: [security, bug, backend, privilege-escalation] labels: [security, bug, backend, privilege-escalation]
status: open status: resolved
resolved: 2026-05-29
fix: "Added authorizeRoles('admin') middleware to PATCH /:id/status and POST /:id/resolve in backend/src/routes/disputeRoutes.ts"
created: 2026-05-29 created: 2026-05-29
source: Doc vs Code Audit 2026-05-29 source: Doc vs Code Audit 2026-05-29
--- ---

View File

@@ -4,7 +4,9 @@ title: "POST /api/disputes/:id/assign has no role guard — any user can self-as
severity: critical severity: critical
domain: Dispute domain: Dispute
labels: [security, bug, backend, privilege-escalation] labels: [security, bug, backend, privilege-escalation]
status: open status: resolved
resolved: 2026-05-29
fix: "Added authorizeRoles('admin') middleware to POST /:id/assign in backend/src/routes/disputeRoutes.ts"
created: 2026-05-29 created: 2026-05-29
source: Doc vs Code Audit 2026-05-29 source: Doc vs Code Audit 2026-05-29
--- ---

View File

@@ -1,7 +1,7 @@
# Issues Index # Issues Index
> Generated from Doc vs Code Audit — 2026-05-29 · last reconciled 2026-05-29 > Generated from Doc vs Code Audit — 2026-05-29 · last reconciled 2026-05-29
> **53 open issues** | 🔴 14 critical · 🟠 39 major · 🟡 0 minor · ⚪ 1 invalid (stale audit) > **51 open issues** | 🔴 12 critical · 🟠 39 major · 🟡 0 minor · ⚪ 1 invalid (stale audit) · ✅ 2 resolved
## 🔴 Critical ## 🔴 Critical