Fix Archer Jira ticket description auto-population and security audit fixes

Auto-populate description field when creating Jira tickets from the Archer page with ticket metadata (EXC number, CVE, vendor, status, Archer URL). Previously the description was always empty, requiring manual entry. Includes security audit fixes for SQL injection prevention and input validation in compliance, VCL multi-vertical, and CCP metrics routes. Updates security audit tracker documentation.
2026-06-05 09:53:53 -06:00
parent e8aa7038ad
commit af5fa11421
6 changed files with 133 additions and 114 deletions
--- a/backend/server.js
+++ b/backend/server.js
@@ -138,7 +138,7 @@ app.use(express.json({
  type: 'application/json'
 }));
 app.use(cookieParser());
-app.use('/uploads', express.static('uploads', {
+app.use('/uploads', requireAuth(), express.static('uploads', {
    dotfiles: 'deny',
    index: false
 }));