>_
.issue.db
/highway-workflow-engine
Dashboard
Issues
Memory
Lessons
Audit Log
New Issue
Edit Issue #389
Update issue details
Title *
Description
durable_context.py:1683-1698 - NOTIFY uses f-string: cur.execute(f"NOTIFY \"{channel}\", '{payload}'"). Channel not sanitized, payload quote escaping can be bypassed. Fix: Use pg_notify(): cur.execute("SELECT pg_notify(%s, %s)", (channel, payload))
Priority
Low
Medium
High
Critical
Status
Open
In Progress
Closed
Won't Do
Due Date (YYYY-MM-DD)
Tags (comma separated)
Related Issues (IDs)
Enter IDs of issues related to this one. They will be linked as 'related'.
Update Issue
Cancel