Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: GeiserX/Telegram-Archive
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v7.4.0
Choose a base ref
...
head repository: GeiserX/Telegram-Archive
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v7.4.1
Choose a head ref
  • 2 commits
  • 5 files changed
  • 1 contributor

Commits on Mar 31, 2026

  1. fix: security hardening round 2 — avatar ACL, push auth, reactions, u… 

    …nsubscribe (v7.4.1)

- Avatar ACL: extract chat_id from avatar filenames to enforce per-chat
  scoping for restricted users (serve_media + serve_thumbnail)
- /internal/push: add optional INTERNAL_PUSH_SECRET bearer token to
  prevent co-tenant containers from spoofing live events
- Reaction recovery: retry ALL reactions after sequence reset, not just
  the one that triggered the duplicate-key error (rollback loses all)
- Push unsubscribe: scope DELETE to requesting user's username to prevent
  cross-user endpoint removal
    @GeiserX
    GeiserX committed Mar 31, 2026
    Configuration menu
    Copy the full SHA
    ee67761 View commit details
    Browse the repository at this point in the history

  2. Merge pull request #99 from GeiserX/fix/security-hardening-round2 

    fix: security hardening round 2 (v7.4.1)
    @GeiserX
    GeiserX authored Mar 31, 2026
    Configuration menu
    Copy the full SHA
    1242bf1 View commit details
    Browse the repository at this point in the history
Loading