From 1c96d645baf7bfd9fed63a9ed140175fb06d4406 Mon Sep 17 00:00:00 2001 From: Manuel Raynaud Date: Thu, 30 Oct 2025 15:29:11 +0100 Subject: [PATCH] =?UTF-8?q?=F0=9F=90=9B(backend)=20fix=20s3=20version=5Fid?= =?UTF-8?q?=20validation?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The regex used on the version_detail endpoint path is not fully compatible with the S3 spec. In the S3 specs, Version IDs are Unicode, UTF-8 encoded, URL-ready, opaque strings that are no more than 1,024 bytes long. We don't accept all unicode characters but enough to be compliant. --- CHANGELOG.md | 1 + src/backend/core/api/viewsets.py | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a08acaa2..9a86e0f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -23,6 +23,7 @@ and this project adheres to - 🐛(backend) fix trashbin list - ♿(frontend) improve accessibility: - ♿(frontend) remove empty alt on logo due to Axe a11y error #1516 +- 🐛(backend) fix s3 version_id validation ## [3.8.2] - 2025-10-17 diff --git a/src/backend/core/api/viewsets.py b/src/backend/core/api/viewsets.py index 7c8015cd..84402cea 100644 --- a/src/backend/core/api/viewsets.py +++ b/src/backend/core/api/viewsets.py @@ -1105,7 +1105,7 @@ class DocumentViewSet( @drf.decorators.action( detail=True, methods=["get", "delete"], - url_path="versions/(?P[0-9a-z-]+)", + url_path=r"versions/(?P[A-Za-z0-9._+\-=~]{1,1024})", ) # pylint: disable=unused-argument def versions_detail(self, request, pk, version_id, *args, **kwargs):