payloadcms

Files

Jessica Rynkar 5695d22a46 fix: execute mimetype validation on the file buffer data (#13117 )

### What
Introduces an additional `mimeType` validation based on the actual file
data to ensure the uploaded file matches the allowed `mimeTypes` defined
in the upload config.

### Why?
The current validation relies on the file extension, which can be easily
manipulated. For example, if only PDFs are allowed, a JPEG renamed to
`image.pdf` would bypass the check and be accepted. This change prevents
such cases by verifying the true MIME type.

### How?
Performs a secondary validation using the file’s binary data (buffer),
providing a more reliable MIME type check.

Fixes #12905

2025-07-11 16:56:55 +01:00

_community

fix(next): respect collection-level live preview config (#13036 )

2025-07-03 21:47:16 +00:00

access-control

feat(ui): adds support for copy pasting complex fields (#11513 )

2025-07-09 13:59:22 +00:00

admin

feat(next): redirect non-existent documents to list view with banner (#13062 )

2025-07-10 03:10:37 -07:00

admin-bar

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

admin-root

feat(next): add redirect from ${adminRoute}/collections to ${adminRoute} (#13061 )

2025-07-09 10:39:02 -04:00

app

feat: deprecates getPayloadHMR in favor of simpler getPayload (#9249 )

2024-11-16 15:30:05 -05:00

array-update

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

auth

fix: login operation not returning collection and _strategy (#13119 )

2025-07-10 12:13:01 -04:00

auth-basic

chore: run dev:generate-types (#11994 )

2025-04-08 17:25:29 -03:00

benchmark-blocks

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

bulk-edit

fix(ui): block rows unexpectedly collapse and array rows not collapsed on init (#12987 )

2025-06-30 21:12:26 -04:00

collections-graphql

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

collections-rest

feat: collection-level disableBulkEdit (#12850 )

2025-06-19 09:18:29 +00:00

config

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

create-payload-app

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

custom-graphql

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

database

perf(db-postgres): simplify db.updateOne to a single DB call with if the passed data doesn't include nested fields (#13060 )

2025-07-10 16:49:12 +03:00

dataloader

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

email-nodemailer

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

email-resend

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

endpoints

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

field-error-states

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

field-perf

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

fields

feat(ui): adds support for copy pasting complex fields (#11513 )

2025-07-09 13:59:22 +00:00

fields-relationship

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

folders

feat(ui): moves folder rendering from the client to the server (#12710 )

2025-06-10 11:56:28 -04:00

folders-browse-by-disabled

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

form-state

fix(ui): block rows unexpectedly collapse and array rows not collapsed on init (#12987 )

2025-06-30 21:12:26 -04:00

globals

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

graphql

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

graphql-schema-gen

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

helpers

feat(ui): adds support for copy pasting complex fields (#11513 )

2025-07-09 13:59:22 +00:00

hooks

feat: expose data argument in afterChange hook for collections and globals (#12756 )

2025-06-11 06:23:22 -07:00

i18n

fix(translations): improve Spanish translations (#12555 )

2025-05-28 16:50:47 -03:00

import-test

feat: adds jobs queue (#8228 )

2024-10-30 17:56:50 +00:00

joins

fix(ui): monomorphic joins tables not fetching draft documents (#13139 )

2025-07-11 14:26:48 +00:00

lexical

test: fix tests that rely on remote urls (#13073 )

2025-07-07 14:02:55 -04:00

lexical-mdx

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

live-preview

fix(next): respect collection-level live preview config (#13036 )

2025-07-03 21:47:16 +00:00

loader

…

localization

feat(ui): adds support for copy pasting complex fields (#11513 )

2025-07-09 13:59:22 +00:00

localization-rtl

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

locked-documents

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

migrations-cli

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

nested-fields

chore: fix all lint errors and add mechanisms to prevent them from appearing again (#12401 )

2025-05-19 12:36:40 -03:00

payload-cloud

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-cloud-storage

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-form-builder

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-import-export

fix(plugin-import-export): flattening logic for polymorphic relationships in CSV exports (#13094 )

2025-07-09 15:46:48 -04:00

plugin-multi-tenant

test: fix multi-tenant flakes (#12983 )

2025-06-30 17:18:41 -04:00

plugin-nested-docs

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-redirects

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-search

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-sentry

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-seo

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugin-stripe

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

plugins

docs: improve jobs autorun docs, adds e2e test (#12196 )

2025-06-05 09:19:19 -07:00

query-presets

feat(next): version view overhaul (#12027 )

2025-06-16 07:58:03 -04:00

queues

test: reduce queue test amount (#13008 )

2025-07-01 15:55:16 -04:00

relationships

fix(db-postgres): joins with hasMany: true relationships nested to an array (#12980 )

2025-06-30 21:25:29 +03:00

scripts

…

select

feat: allow joins, select, populate, depth and draft to /me REST API operation (#13116 )

2025-07-10 17:44:05 +00:00

server-functions

feat: auth sessions (#12483 )

2025-06-27 09:13:52 -04:00

sort

fix: uses valid fractional index for test (#12942 )

2025-06-26 06:40:18 -04:00

storage-azure

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

storage-gcs

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

storage-s3

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

storage-uploadthing

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

storage-vercel-blob

feat(storage-*): include modified headers into the response headers of files when using adapters (#12096 )

2025-07-10 08:00:26 -07:00

types

fix: strict custom view paths (#12968 )

2025-06-29 14:20:54 -04:00

uploads

fix: execute mimetype validation on the file buffer data (#13117 )

2025-07-11 16:56:55 +01:00

versions

fix(ui): autosave infinite loop within document drawer (#13007 )

2025-07-02 15:11:38 -04:00

.prettierignore

…

.swcrc

…

buildConfigWithDefaults.ts

chore: fix various e2e test setup issues (#12670 )

2025-06-04 17:34:37 -03:00

credentials.ts

…

CustomDashboard.tsx

…

dev.ts

chore: enable turbopack by default in monorepo (#12684 )

2025-06-05 22:01:55 -03:00

docker-compose.yml

fix(plugin-cloud-storage): actually deprecate adapters (#9640 )

2024-12-31 09:14:56 -05:00

eslint.config.js

chore: add eslint rule to ignore default exports in test suite configs (#12655 )

2025-06-17 09:10:42 -04:00

generateDatabaseAdapter.ts

feat(db-postgres): support read replicas (#12728 )

2025-06-09 19:09:52 +00:00

generateDatabaseSchema.ts

feat(db-postgres, db-sqlite): drizzle schema generation (#9953 )

2024-12-19 11:08:17 -05:00

generateGraphQLSchema.ts

…

generateImportMap.ts

feat: payload admin bar (#3684 )

2025-03-05 19:14:35 +00:00

generateTypes.ts

…

helpers.ts

fix(next): respect collection-level live preview config (#13036 )

2025-07-03 21:47:16 +00:00

initDevAndTest.ts

…

jest-spec-reporter.cjs

feat!: on demand rsc (#8364 )

2024-11-11 13:59:05 -05:00

jest.config.js

…

jest.setup.js

fix: localized fields within block references were not handled properly if any parent is localized (#11207 )

2025-02-17 19:50:32 +00:00

jestreporter.cjs

…

next-env.d.ts

build: fix tsconfig monorepo setup (#10028 )

2024-12-17 14:49:29 -05:00

next.config.mjs

perf: 50% faster compilation speed by skipping bundling of server-only packages during dev (#11594 )

2025-03-11 09:45:13 -06:00

package.json

feat(drizzle): support half-precision, binary, and sparse vectors column types (#12491 )

2025-07-02 19:24:53 +03:00

playwright.bail.config.ts

…

playwright.config.ts

chore: fix flaky lexical test (#11035 )

2025-02-07 03:24:49 +00:00

runE2E.ts

chore: enable turbopack by default in monorepo (#12684 )

2025-06-05 22:01:55 -03:00

runInit.ts

…

runInitSeparateProcess.ts

…

safelyRunScript.ts

…

setupProd.ts

feat: payload admin bar (#3684 )

2025-03-05 19:14:35 +00:00

test.env

chore: bump node version in monorepo and add new flag for node 23.6+ (#12328 )

2025-05-12 09:41:18 -04:00

testEmailAdapter.ts

…

testHooks.ts

perf: deduplicate blocks used in multiple places using new config.blocks property (#10905 )

2025-02-14 00:08:20 +00:00

tsconfig.eslint.json

…

tsconfig.json

chore: make TypeScript strict in test folder. Simplify tsconfig (#10582 )

2025-01-14 20:00:00 -03:00

tsconfig.typecheck.json

feat: payload admin bar (#3684 )

2025-03-05 19:14:35 +00:00