Issues [highway-workflow-engine]

ID	Title	Status	Priority	Created	Due Date	Actions
#419	Test Bug Report bug-report user-submitted Test description Reporter: test@example.com	closed	medium	2025-12-14 12:16	-	Edit
#418	Test Bug bug-report Test bug Reporter: test@example.com	closed	medium	2025-12-14 12:15	-	Edit
#416	Test Issue test Test description	closed	medium	2025-12-14 12:15	-	Edit
#414	Long-held transactions during task execution cause connection pool pressure ## Problem During test execution, observed up to 34 idle_in_transaction connections with total conne...	closed	medium	2025-12-12 20:22	-	Edit
#413	Fix: Platform roles missing view_logs permission Platform roles (platform_owner, platform_admin, platform_support) were missing the 'view_logs' permi...	closed	medium	2025-12-12 17:35	-	Edit
#403	circuit_breaker_reset.py CLI still uses /tmp flag files engine/cli/circuit_breaker_reset.py:13-18 still uses /tmp flag file mechanism that was supposed to b...	closed	medium	2025-12-12 05:49	-	Edit
#402	Weak PRNG in tracing.py for trace/span ID generation engine/utils/tracing.py:94,103 uses random.getrandbits() instead of secrets module for trace/span ID...	closed	medium	2025-12-12 05:49	-	Edit
#399	MEDIUM: Uncaught ValueError in API integer parsing Multiple API endpoints use int(request.args.get()) without try-except: schedules.py:685, tenant_apps...	closed	medium	2025-12-11 22:44	-	Edit
#398	MEDIUM: Global circuit breaker can be toggled via /tmp flag files config.py:339,343 - Circuit breaker state controlled by /tmp/.highway_circuit_breaker_enabled and di...	closed	medium	2025-12-11 22:44	-	Edit
#395	MEDIUM: No upper bound validation on timeout duration strings shell_command.py:153-186 - ISO 8601 duration parsing has no max validation. Malicious workflow could...	closed	medium	2025-12-11 22:21	-	Edit
#394	MEDIUM: Sandbox code injection via triple-quote escape bypass sandbox.py:285 - User code escaped with simple replace for triple quotes. Edge cases like backslash-...	closed	medium	2025-12-11 22:21	-	Edit
#393	MEDIUM: Missing tenant isolation in checkpoint queries absurd_client.py:728-764 - get_checkpoints_for_run() queries by owner_run_id without tenant_id filte...	closed	medium	2025-12-11 22:21	-	Edit
#392	MEDIUM: Sandbox bypass via cached sys.modules sandbox/sandbox.py:99-132 - Replaces builtins.__import__ but doesn't clear sys.modules. Banned modul...	closed	medium	2025-12-11 22:21	-	Edit
#391	MEDIUM: SSRF bypass via DNS rebinding (TOCTOU) http_request.py:107-124 - DNS resolved at validation time, but request may resolve to different IP (...	closed	medium	2025-12-11 22:21	-	Edit
#381	MEDIUM: Docker containers not killed on timeout (resource leak) sandbox.py:341 - When container.wait() times out, container may still be running. Finally block may ...	closed	medium	2025-12-11 21:54	-	Edit
#380	MEDIUM: Unbounded circuit breaker cache (memory leak) http_request.py:136-199 - Per-workflow circuit breakers in _circuit_breaker_cache never cleaned up. ...	closed	medium	2025-12-11 21:54	-	Edit
#379	MEDIUM: ToolRegistry singleton not thread-safe registry.py:305-320 - get_tool_registry() singleton creation has race condition. Multiple threads co...	closed	medium	2025-12-11 21:54	-	Edit
#378	MEDIUM: SchedulerService breaks atomic transaction boundary scheduler_service.py uses autocommit=True but needs atomic scan+submit+update operation. Uses differ...	closed	medium	2025-12-11 21:54	-	Edit
#370	MEDIUM: _save_state not called automatically before sleep/commit ## Issue The _save_state() method in engine/durable_context.py:1462-1496 persists executed_tasks, f...	closed	medium	2025-12-11 21:40	-	Edit
#369	MEDIUM: Circuit breaker cache uses file system flag for reset ## Issue Circuit breaker cache reset in engine/tools/shell_command.py:63-84 relies on flag file /tm...	closed	medium	2025-12-11 21:39	-	Edit

Previous Page 6 of 11 Next