php · filament/filamentHeads-up
filament/filament: Unauthenticated File Uploads via WithFileUploads Trait
Filament applies Livewire's WithFileUploads trait to all schemas, including those that do not require file uploads, allowing unauthenticated file uploads to tem
What changed
Filament applies Livewire's WithFileUploads trait to all schemas, including those that do not require file uploads, allowing unauthenticated file uploads to temporary storage.
Who it affects
Applications using Filament with unauthenticated schemas (e.g., login form) that have file upload fields enabled by default.
What to do today
Review your Filament schemas and disable file uploads on components that do not require them, or apply authentication checks.
The trail
Collected→
Audited→
Written→
Published