fix: notification privacy leak — per-user bills no longer sent to all recipients (v0.23.2)
CRITICAL security fix: In per-user notification mode, the notification runner
was fetching ALL active bills globally and sending each bill's details to
every opted-in recipient regardless of ownership. This meant User A's bill
names, amounts, and due dates could be emailed to User B.
Fix: Added ownership filter in the recipient loop:
if (allowUserConfig && bill.user_id !== recipient.id) continue;
Also added a defensive guard for bills with no user_id (orphaned bills),
which are now skipped with a console.warn instead of being broadcast.
Global notification mode (single admin recipient) is unaffected.
Security audit: Private_Hudson confirmed the fix is airtight. All other
routes (bills, payments, tracker, analytics, export, calendar, summary,
categories) properly scope data by user_id.
Version bump: 0.23.1 → 0.23.2 (security patch)
2026-05-10 12:34:53 -05:00
export const APP _VERSION = '0.23.2' ;
2026-05-03 19:51:57 -05:00
export const APP _NAME = 'BillTracker' ;
export const RELEASE _NOTES = {
fix: notification privacy leak — per-user bills no longer sent to all recipients (v0.23.2)
CRITICAL security fix: In per-user notification mode, the notification runner
was fetching ALL active bills globally and sending each bill's details to
every opted-in recipient regardless of ownership. This meant User A's bill
names, amounts, and due dates could be emailed to User B.
Fix: Added ownership filter in the recipient loop:
if (allowUserConfig && bill.user_id !== recipient.id) continue;
Also added a defensive guard for bills with no user_id (orphaned bills),
which are now skipped with a console.warn instead of being broadcast.
Global notification mode (single admin recipient) is unaffected.
Security audit: Private_Hudson confirmed the fix is airtight. All other
routes (bills, payments, tracker, analytics, export, calendar, summary,
categories) properly scope data by user_id.
Version bump: 0.23.1 → 0.23.2 (security patch)
2026-05-10 12:34:53 -05:00
version : '0.23.2' ,
2026-05-09 23:24:51 -05:00
date : '2026-05-10' ,
2026-05-03 19:51:57 -05:00
highlights : [
fix: notification privacy leak — per-user bills no longer sent to all recipients (v0.23.2)
CRITICAL security fix: In per-user notification mode, the notification runner
was fetching ALL active bills globally and sending each bill's details to
every opted-in recipient regardless of ownership. This meant User A's bill
names, amounts, and due dates could be emailed to User B.
Fix: Added ownership filter in the recipient loop:
if (allowUserConfig && bill.user_id !== recipient.id) continue;
Also added a defensive guard for bills with no user_id (orphaned bills),
which are now skipped with a console.warn instead of being broadcast.
Global notification mode (single admin recipient) is unaffected.
Security audit: Private_Hudson confirmed the fix is airtight. All other
routes (bills, payments, tracker, analytics, export, calendar, summary,
categories) properly scope data by user_id.
Version bump: 0.23.1 → 0.23.2 (security patch)
2026-05-10 12:34:53 -05:00
{ icon : '🔒' , title : 'Critical: Notification Privacy Leak Fix' , desc : 'In per-user notification mode, bills were sent to all opted-in recipients regardless of ownership. Now each recipient only receives their own bills.' } ,
{ icon : '🛡️' , title : 'Orphaned Bill Guard' , desc : 'Defensive check added: bills with no user_id are now skipped with a warning instead of being broadcast to all recipients.' } ,
2026-05-03 19:51:57 -05:00
] ,
2026-05-09 20:25:05 -05:00
} ;
