Jordan Montgomery 227e94de5b 🤖 Chore: remove deprecated appendListOptionsWithCursorToSQL (#44385) ... <!-- Add the related story/sub-task/bug number, like Resolves #123, or remove if NA --> **Related issue:** Resolves #44723 # Checklist for submitter If some of the following don't apply, delete the relevant line. - [x] Changes file added for user-visible changes in `changes/`, `orbit/changes/` or `ee/fleetd-chrome/changes`. See [Changes files](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/guides/committing-changes.md#changes-files) for more information. - [x] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements), JS inline code is prevented especially for url redirects, and untrusted data interpolated into shell scripts/commands is validated against shell metacharacters. - [x] If paths of existing endpoints are modified without backwards compatibility, checked the frontend/CLI for any necessary changes ## Testing - [x] Added/updated automated tests - [x] Where appropriate, [automated tests simulate multiple hosts and test for host isolation](https://github.com/fleetdm/fleet/blob/main/docs/Contributing/reference/patterns-backend.md#unit-testing) (updates to one hosts's records do not affect another) - [ ] QA'd all new/changed functionality manually <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **Bug Fixes** * Strengthened validation of sorting/order parameters across many list and cursor-based endpoints — unsupported sort keys now return explicit errors and prevent unsafe queries. * Labels listing: label-list pagination query name changed; ordering by host_count is rejected when host counts are disabled (validated at request parsing). * **Tests** * Added/expanded tests covering allowed order keys, rejection of unknown keys, and pagination behavior for multiple listing APIs. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Lucas Manuel Rodriguez <lucas@fleetdm.com>		2026-05-05 10:26:47 -04:00
..
acl	Dashboard charts backend (#43910)	2026-04-23 12:43:23 -05:00
activity	Added middleware for api-only users auth (#43772)	2026-04-21 07:11:33 -04:00
api_endpoints	Add explicit checks for forbidden API only endpoints (future proofing) (#44664)	2026-05-04 13:47:57 -03:00
archtest	Refactor endpoint_utils for modularization (#36484)	2025-12-31 09:12:00 -06:00
authz	Implement GET /api/v1/fleet/rest_api (#42883)	2026-04-10 11:12:38 -04:00
aws_common	Feat 1817 add iam auth to mysql and redis (#32488)	2025-09-04 10:08:47 -05:00
bindata
chart	Optimize data collection: add index and batch deletes (#44692)	2026-05-05 08:29:47 -05:00
config	Redis-backed cache for host-by-key lookups (#43936)	2026-05-01 12:06:16 -05:00
contexts	Move PostJSONWithTimeout to platform/http package and activity cleanup (#40561)	2026-02-26 17:39:10 -06:00
cron	Potential fix for code scanning alert no. 1537: Incorrect conversion between integer types (#43918)	2026-04-22 11:57:03 -05:00
crypto	Crypto package for db encryption (#41139)	2026-03-11 16:45:59 -06:00
datastore	🤖 Chore: remove deprecated appendListOptionsWithCursorToSQL (#44385)	2026-05-05 10:26:47 -04:00
dev_mode	Add lock semantics around dev_mode.IsEnabled to avoid data races (#42646)	2026-03-31 07:49:45 -04:00
errorstore	Incremental migration to slog (#40120)	2026-02-19 15:35:35 -06:00
fleet	🤖 Chore: remove deprecated appendListOptionsWithCursorToSQL (#44385)	2026-05-05 10:26:47 -04:00
goose	Use UTC timestamps for DB migrations (#36228)	2025-11-24 15:49:10 -06:00
health	slog migration: service layer + subsystem libraries (#40661)	2026-02-26 17:40:46 -06:00
launcher	Final slog migration PR: test infrastructure + tools + remaining standalone files (#40727)	2026-02-28 05:52:21 -06:00
live_query	Incremental migration to slog (#40120)	2026-02-19 15:35:35 -06:00
logging	Migrated logging and google calendar files to use slog (#40541)	2026-02-26 12:48:54 -06:00
mail	Run multiple independent Fleet dev servers in parallel (#41865)	2026-03-18 13:58:58 -05:00
mdm	Fix code default profile (#44601)	2026-05-01 12:27:44 -06:00
mock	Add ability to upload custom org logos (#44390)	2026-05-05 14:42:52 +02:00
platform	Move script request and response types from server/service to server/fleet (#43868)	2026-04-28 09:12:43 -03:00
policies	Migrating maintained apps, failing policies, and webhooks to slog. (#40149)	2026-02-23 08:50:40 -06:00
ptr	Fix issue with GitOps incorrectly wiping policy stats (#43282)	2026-04-08 17:03:08 -05:00
pubsub	Incremental migration to slog (#40120)	2026-02-19 15:35:35 -06:00
service	🤖 Chore: remove deprecated appendListOptionsWithCursorToSQL (#44385)	2026-05-05 10:26:47 -04:00
shellquote
sso	redirect to correct URL, and allow both URLs for MDM SSO SAML validation if set (#44156)	2026-04-29 08:43:58 -06:00
test	Move NewActivity to activity bounded context (#39521)	2026-02-25 14:11:03 -06:00
variables	DCSW: Support all IDP variables in Windows config profiles (#34707)	2025-10-24 10:10:58 -03:00
version
vulnerabilities	fleetctl vulnerability-data-stream to download OSV data (#44260)	2026-04-30 10:46:51 -06:00
webhooks	Feat/31914 patch policy (#41518)	2026-03-13 16:47:09 -04:00
websocket
worker	43885: MLAPR migration + UUID capture (#44244)	2026-04-29 11:14:50 -04:00
utils.go	Allow the creation of API-only users (#43440)	2026-04-16 11:11:39 -04:00
utils_test.go	Allow the creation of API-only users (#43440)	2026-04-16 11:11:39 -04:00