Skip to content

answer

v2.0.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 5d Productivity & Wikis
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

community forum go q-and-a question react
+1 more
typescript

Affected surfaces

auth rbac

Summary

AI summary

Updates Bug Fixes, @LinkinStars, and New Features across a mixed release.

Changes in this release

Security High

Adds API key scope checks to enhance authorization security

Adds API key scope checks to enhance authorization security

Source: llm_adapter@2026-05-29

Confidence: high
Security Medium

Escapes HTML characters in dynamic email template content

Escapes HTML characters in dynamic email template content

Source: granite4.1:30b@2026-05-29-audit

Confidence: low
Feature Medium

Adds semantic search support in AI chat and embedding ability

Adds semantic search support in AI chat and embedding ability

Source: llm_adapter@2026-05-29

Confidence: high
Feature Medium

Adds vector search plugin and vector sync service for question and answer embeddings

Adds vector search plugin and vector sync service for question and answer embeddings

Source: llm_adapter@2026-05-29

Confidence: high
Feature Medium

Implements HTML rendering for AI chat display content

Implements HTML rendering for AI chat display content

Source: llm_adapter@2026-05-29

Confidence: high
Feature Medium

Improves local plugin path resolution and module replacement handling for local plugins

Improves local plugin path resolution and module replacement handling for local plugins

Source: llm_adapter@2026-05-29

Confidence: low
Bugfix Medium

Fixes attachment upload broken after upgrading to v2.0.0

Fixes attachment upload broken after upgrading to v2.0.0

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Medium

Aligns Helm install port with service port

Aligns Helm install port with service port

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Medium

Changes avatar column type to TEXT for long URLs support

Changes avatar column type to TEXT for long URLs support

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Medium

Updates bubble user background color for dark mode

Updates bubble user background color for dark mode

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Medium

Normalizes and validates comment IDs and object IDs in comment requests

Normalizes and validates comment IDs and object IDs in comment requests

Source: llm_adapter@2026-05-29

Confidence: high
Bugfix Low

Implements admin moderator visibility checks for timeline objects, answers, and comments

Implements admin moderator visibility checks for timeline objects, answers, and comments

Source: granite4.1:30b@2026-05-29-audit

Confidence: low
Bugfix Low

Enhances admin user cache handling and adds status checks for email verification and suspension

Enhances admin user cache handling and adds status checks for email verification and suspension

Source: granite4.1:30b@2026-05-29-audit

Confidence: low
Bugfix Low

Improves image decoding checks for JPEG, PNG, and GIF uploads

Improves image decoding checks for JPEG, PNG, and GIF uploads

Source: granite4.1:30b@2026-05-29-audit

Confidence: low
Bugfix Low

Corrects variable name in JSON unmarshal for site general information

Corrects variable name in JSON unmarshal for site general information

Source: granite4.1:30b@2026-05-29-audit

Confidence: low
Full changelog

New Features

  • New: Support semantic search in AI chat and embedding ability (@hgaol #1510)
  • New: Add vector search plugin and vector sync service for question and answer embeddings (@hgaol)

Improvements

  • Improve: Enhance local plugin path resolution and module replacement handling for local plugins (@hgaol #1520)

Bug Fixes

  • Fixed: Attachment upload broken after upgrading to v2.0.0 (@robinv8 #1527)
  • Fixed: Keep Helm install port aligned with service port (@Herrtian #1522)
  • Fixed: Change avatar column type to TEXT to support long URLs (@maishivamhoo123 #1499)
  • Fixed: Update bubble user background color for dark mode (@MakiWinster72 #1505)
  • Fixed: Implement HTML rendering for AI chat display content (@LinkinStars)
  • Fixed: Add admin moderator visibility checks for timeline objects, answers, and comments (@LinkinStars)
  • Fixed: Enhance admin user cache handling and add status checks for email verification and suspension (@LinkinStars)
  • Fixed: Add API key scope checks to enhance authorization security (@LinkinStars)
  • Fixed: Normalize and validate comment IDs and object IDs in comment requests (@LinkinStars)
  • Fixed: Improve image decoding checks for JPEG, PNG, and GIF uploads (@LinkinStars)
  • Fixed: Escape HTML characters in dynamic email template content (@LinkinStars)
  • Fixed: Correct variable name in JSON unmarshal for site general information (@kumfo)
  • Fixed: Enhance bracket handling in formatting and add a concurrency test for internationalization (@LinkinStars)

Security Fixes

  • Add API key scope checks to enhance authorization security (@LinkinStars)
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track answer

Get notified when new releases ship.

Sign up free

About answer

A Q&A platform software for teams at any scales. Whether it's a community forum, help center, or knowledge management platform, you can always count on Apache Answer.

All releases →

Related context

Related tools

Beta — feedback welcome: [email protected]