Key vulnerability information

v1.7.7

Security Advisory

Vulnerabilities Found: Two vulnerabilities were identified in Grist through a private bug bounty program funded by DINUM (the Interministerial Digital Directorate of the French government). These have been addressed.

- Fetch URL Feature: A user could execute a request to an external server with privileged network access.
  - Mitigation: Ensure that network requests go through a trusted proxy.
- /compare Endpoint: Users could use the endpoint to access parts of the document history that they might not have read access to.
  - Mitigation: The endpoint is now restricted to users with full read access.

Versions Prior to 1.7.6: Known to be vulnerable. It is recommended to upgrade.

Documentation: The advisories are also documented on the security advisory page.

What's Changed

- Missing login fixed in Service Accounts API responses.
- Admin panel now shows information about the currently assigned installation admin role.
- Miscellaneous bug fixes and translations.

Grist Enterprise

- Streamlined procedure and instructions for building Grist with Enterprise Edition extensions are now documented in the README.