release: v1.3.1

.github/workflows/codeql.yml

@@ -16,6 +16,9 @@ jobs:
       contents: read
       security-events: write
 
+    env:
+      CODEQL_ACTION_FILE_COVERAGE_ON_PRS: "false"
+
     strategy:
       fail-fast: false
       matrix:

README.md

@@ -10,7 +10,7 @@
 <p align="center">
     <a href="https://plane.so/"><b>Website</b></a> •
     <a href="https://forum.plane.so"><b>Forum</b></a> •
-    <a href="https://twitter.com/planepowers"><b>Twitter</b></a> •
+    <a href="https://x.com/planepowers"><b>X</b></a> •
     <a href="https://docs.plane.so/"><b>Documentation</b></a>
 </p>
 

apps/admin/app/(all)/(dashboard)/general/form.tsx

@@ -16,8 +16,6 @@ import { Input, ToggleSwitch } from "@plane/ui";
 import { ControllerInput } from "@/components/common/controller-input";
 // hooks
 import { useInstance } from "@/hooks/store";
-// components
-import { IntercomConfig } from "./intercom";
 
 export interface IGeneralConfigurationForm {
   instance: IInstance;
@@ -27,14 +25,13 @@ export interface IGeneralConfigurationForm {
 export const GeneralConfigurationForm = observer(function GeneralConfigurationForm(props: IGeneralConfigurationForm) {
   const { instance, instanceAdmins } = props;
   // hooks
-  const { instanceConfigurations, updateInstanceInfo, updateInstanceConfigurations } = useInstance();
+  const { updateInstanceInfo } = useInstance();
 
   // form data
   const {
     handleSubmit,
     control,
     formState: { errors, isSubmitting },
-    watch,
   } = useForm<Partial<IInstance>>({
     defaultValues: {
       instance_name: instance?.instance_name,
@@ -45,17 +42,6 @@ export const GeneralConfigurationForm = observer(function GeneralConfigurationFo
   const onSubmit = async (formData: Partial<IInstance>) => {
     const payload: Partial<IInstance> = { ...formData };
 
-    // update the intercom configuration
-    const isIntercomEnabled =
-      instanceConfigurations?.find((config) => config.key === "IS_INTERCOM_ENABLED")?.value === "1";
-    if (!payload.is_telemetry_enabled && isIntercomEnabled) {
-      try {
-        await updateInstanceConfigurations({ IS_INTERCOM_ENABLED: "0" });
-      } catch (error) {
-        console.error(error);
-      }
-    }
-
     await updateInstanceInfo(payload)
       .then(() =>
         setToast({
@@ -112,8 +98,7 @@ export const GeneralConfigurationForm = observer(function GeneralConfigurationFo
       </div>
 
       <div className="space-y-6">
-        <div className="border-b border-subtle pb-1.5 text-16 font-medium text-primary">Chat + telemetry</div>
-        <IntercomConfig isTelemetryEnabled={watch("is_telemetry_enabled") ?? false} />
+        <div className="border-b border-subtle pb-1.5 text-16 font-medium text-primary">Telemetry</div>
         <div className="flex items-center gap-14">
           <div className="flex grow items-center gap-4">
             <div className="shrink-0">

apps/api/plane/api/serializers/issue.py

@@ -480,44 +480,52 @@ class Meta:
         ]
 
 
+class IssueRelationRefSerializer(serializers.Serializer):
+    """Project-scoped reference to a related work item."""
+
+    project_id = serializers.UUIDField(help_text="Project containing the related work item")
+    issue_id = serializers.UUIDField(help_text="ID of the related work item")
+
+
 class IssueRelationResponseSerializer(serializers.Serializer):
     """
     Serializer for issue relations response showing grouped relation types.
 
-    Returns issue IDs organized by relation type for efficient client-side processing.
+    Each list contains project_id and issue_id pairs so clients can resolve
+    cross-project relations.
     """
 
     blocking = serializers.ListField(
-        child=serializers.UUIDField(),
-        help_text="List of issue IDs that are blocking this issue",
+        child=IssueRelationRefSerializer(),
+        help_text="Work items blocking this issue",
     )
     blocked_by = serializers.ListField(
-        child=serializers.UUIDField(),
-        help_text="List of issue IDs that this issue is blocked by",
+        child=IssueRelationRefSerializer(),
+        help_text="Work items this issue is blocked by",
     )
     duplicate = serializers.ListField(
-        child=serializers.UUIDField(),
-        help_text="List of issue IDs that are duplicates of this issue",
+        child=IssueRelationRefSerializer(),
+        help_text="Duplicate work items",
     )
     relates_to = serializers.ListField(
-        child=serializers.UUIDField(),
-        help_text="List of issue IDs that relate to this issue",
+        child=IssueRelationRefSerializer(),
+        help_text="Related work items",
     )
     start_after = serializers.ListField(
-        child=serializers.UUIDField(),
-        help_text="List of issue IDs that start after this issue",
+        child=IssueRelationRefSerializer(),
+        help_text="Work items that start after this issue",
     )
     start_before = serializers.ListField(
-        child=serializers.UUIDField(),
-        help_text="List of issue IDs that start before this issue",
+        child=IssueRelationRefSerializer(),
+        help_text="Work items that start before this issue",
     )
     finish_after = serializers.ListField(
-        child=serializers.UUIDField(),
-        help_text="List of issue IDs that finish after this issue",
+        child=IssueRelationRefSerializer(),
+        help_text="Work items that finish after this issue",
     )
     finish_before = serializers.ListField(
-        child=serializers.UUIDField(),
-        help_text="List of issue IDs that finish before this issue",
+        child=IssueRelationRefSerializer(),
+        help_text="Work items that finish before this issue",
     )
 
 

apps/api/plane/api/views/asset.py

@@ -17,6 +17,7 @@
 # Module Imports
 from plane.bgtasks.storage_metadata_task import get_asset_object_metadata
 from plane.settings.storage import S3Storage
+from plane.utils.path_validator import sanitize_filename
 from plane.db.models import FileAsset, User, Workspace
 from plane.api.views.base import BaseAPIView
 from plane.api.serializers import (
@@ -114,7 +115,7 @@ def post(self, request):
         This endpoint generates the necessary credentials for direct S3 upload.
         """
         # get the asset key
-        name = request.data.get("name")
+        name = sanitize_filename(request.data.get("name")) or "unnamed"
         type = request.data.get("type", "image/jpeg")
         size = int(request.data.get("size", settings.FILE_SIZE_LIMIT))
         entity_type = request.data.get("entity_type", False)
@@ -287,7 +288,7 @@ def post(self, request):
         necessary credentials for direct S3 upload with server-side authentication.
         """
         # get the asset key
-        name = request.data.get("name")
+        name = sanitize_filename(request.data.get("name")) or "unnamed"
         type = request.data.get("type", "image/jpeg")
         size = int(request.data.get("size", settings.FILE_SIZE_LIMIT))
         entity_type = request.data.get("entity_type", False)
@@ -498,7 +499,7 @@ def post(self, request, slug):
         Create a presigned URL for uploading generic assets that can be bound to entities like work items.
         Supports various file types and includes external source tracking for integrations.
         """
-        name = request.data.get("name")
+        name = sanitize_filename(request.data.get("name"))
         type = request.data.get("type")
         size = int(request.data.get("size", settings.FILE_SIZE_LIMIT))
         project_id = request.data.get("project_id")