From aa31c703c485ce893239c7700a3f81b89961ce96 Mon Sep 17 00:00:00 2001 From: acaptutorials Date: Mon, 17 Feb 2025 03:05:02 +0800 Subject: [PATCH] chore: relocate tech debts fragment url --- docs/pages/changelog.mdx | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/pages/changelog.mdx b/docs/pages/changelog.mdx index c4cdee17..c2461e85 100644 --- a/docs/pages/changelog.mdx +++ b/docs/pages/changelog.mdx @@ -72,8 +72,8 @@ ACAP 2.0 is the latest ACAP version. Its latest stable version is Release/Tag ve Version 2.0 and later versions may have new requirements that will thrive on new development approaches loosely tied to the recommended [Security](/security) and [Server](/directories/server) guidelines of **ACAP 1.0**, requiring thorough testing and validation. -
+ 1. **Flexible Firestore Database Use:** ACAP version 2.0+ adopted a more flexible approach for handling data management, facilitating faster feature development by performing _WRITE operations to the database directly from the web front end_ coupled with more _lenient Firestore database Rules_. However, this shift also introduced the potential for data to enter the database without the usual front-end controls through the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). While this was not an issue in [Version 1.0](#version-1-acap-10), it emerged as part of the effort to enhance development speed and feature delivery starting with Version 2.0. 2. **Cross-Site Scripting (XSS) Vulnerability in Crop Recommendations:** Related to item 1, the new process for editing WYSIWYG HTML-form crop recommendations input may allow unsafe or inaccurate content due to limited validation through the [Firestore REST APIs](https://cloud.google.com/firestore/docs/reference/rest/). Risks associated with this were recognized early in the process, but the focus on delivering core features led to a delay in integrating security measures.
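Review bot: The single replaced line sits directly between the "Version 2.0 and later versions may have new requirements..." paragraph and item 1 of the numbered list. The removed line is the blank separator, so the added line now touches the list. If the added line is an anchor element carrying the fragment id, keep an empty line between it and `1. **Flexible Firestore Database Use:**`, otherwise the MDX parser may fold the list into the preceding block instead of rendering it as an ordered list. The subject says the fragment URL is relocated, yet the diffstat shows 1 insertion and 1 deletion, and the deletion as shown here is an empty line. Please confirm that the anchor was removed from its previous position so the id is not defined twice in `docs/pages/changelog.mdx`, and that pages linking to the old fragment still land on this tech-debt list. A `docs:` prefix would also describe this change more accurately than `chore:`, since only documentation is touched.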