solidtime

v0.12.2 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 16d Productivity & Wikis

✓ No known CVEs patched

This release patches 1 known CVE

Topics

laravel self-hosted time-tracker time-tracking timetracker timetracking

+2 more

timetrackingapp vue

Affected surfaces

auth rbac

Summary

AI summary

Fix serialized inertia props exposing invitation and member emails to unauthorized users

Type	Severity	Summary	CVE
Security	High	Fix serialized inertia props exposing pending invitation and member emails to unauthorized users. Fix serialized inertia props exposing pending invitation and member emails to unauthorized users. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—
Feature	Low	Add alphabetic sorting to multiselect dropdowns. Add alphabetic sorting to multiselect dropdowns. Source: granite4.1:8b-q6_K@2026-05-19 Confidence: high	—

Full changelog

[!NOTE]
This release includes security fixes, please make sure to upgrade as soon as possible.

add alphabetic sorting to multiselect dropdowns by @Onatcer in https://github.com/solidtime-io/solidtime/pull/1066
fix serialized inertia props exposing pending invitation and member emails to users who lack invitations:view/members:view permission inside the response body of the team page thanks @ashrexon for the report

Full Changelog: https://github.com/solidtime-io/solidtime/compare/v0.12.1...v0.12.2

GHSA-33xq-wf67-c7vh — serialized inertia props no longer expose pending invitation and member emails to users lacking invitations:view/members:view permission on the team page

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Track solidtime

Get notified when new releases ship.

About solidtime

Modern open-source time-tracking app