From d8d141496274fc7692e74020271deef8c3875957 Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 10 Aug 2021 10:30:39 +0200
Subject: [PATCH 1/4] prepare 0.9.4 version
---
 README.md | 6 +++---
 app/init.php | 2 +-
 src/Appwrite/Migration/Migration.php | 1 +
 3 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index c0c5077e0..e8b8daf8f 100644
--- a/README.md
+++ b/README.md
@@ -56,7 +56,7 @@ docker run -it --rm \
 --volume /var/run/docker.sock:/var/run/docker.sock \
 --volume "$(pwd)"/appwrite:/usr/src/code/appwrite:rw \
 --entrypoint="install" \
- appwrite/appwrite:0.9.3
+ appwrite/appwrite:0.9.4
 ```
 ### Windows
@@ -68,7 +68,7 @@ docker run -it --rm ^
 --volume //var/run/docker.sock:/var/run/docker.sock ^
 --volume "%cd%"/appwrite:/usr/src/code/appwrite:rw ^
 --entrypoint="install" ^
- appwrite/appwrite:0.9.3
+ appwrite/appwrite:0.9.4
 ```
 #### PowerShell
@@ -78,7 +78,7 @@ docker run -it --rm ,
 --volume /var/run/docker.sock:/var/run/docker.sock ,
 --volume ${pwd}/appwrite:/usr/src/code/appwrite:rw ,
 --entrypoint="install" ,
- appwrite/appwrite:0.9.3
+ appwrite/appwrite:0.9.4
 ```
 Once the Docker installation completes, go to http://localhost to access the Appwrite console from your browser. Please note that on non-linux native hosts, the server might take a few minutes to start after installation completes.
diff --git a/app/init.php b/app/init.php
index d0271e2c4..88ac10f29 100644
--- a/app/init.php
+++ b/app/init.php
@@ -48,7 +48,7 @@ const APP_MODE_DEFAULT = 'default';
 const APP_MODE_ADMIN = 'admin';
 const APP_PAGING_LIMIT = 12;
 const APP_CACHE_BUSTER = 150;
-const APP_VERSION_STABLE = '0.9.3';
+const APP_VERSION_STABLE = '0.9.4';
 const APP_STORAGE_UPLOADS = '/storage/uploads';
 const APP_STORAGE_FUNCTIONS = '/storage/functions';
 const APP_STORAGE_CACHE = '/storage/cache';
diff --git a/src/Appwrite/Migration/Migration.php b/src/Appwrite/Migration/Migration.php
index 9f5d12d47..203af0c67 100644
--- a/src/Appwrite/Migration/Migration.php
+++ b/src/Appwrite/Migration/Migration.php
@@ -42,6 +42,7 @@ abstract class Migration
 '0.9.1' => 'V08',
 '0.9.2' => 'V08',
 '0.9.3' => 'V08',
+ '0.9.4' => 'V08',
 ];
 /**
From c52672bc9a99e144febfdad644ee225215a6bc1e Mon Sep 17 00:00:00 2001
From: Damodar Lohani
Date: Sun, 1 Aug 2021 14:39:26 +0545
Subject: [PATCH 2/4] hot fix api issue
---
 app/controllers/api/projects.php | 8 ++++++++
 app/views/console/home/index.phtml | 1 +
 2 files changed, 9 insertions(+)
diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index 2bac0efb8..bc4e5a6b1 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
@@ -21,6 +21,14 @@ use Appwrite\Network\Validator\Domain as DomainValidator;
 use Appwrite\Utopia\Response;
 use Cron\CronExpression;
+App::init(function ($project) {
+ /** @var Utopia\Database\Document $project */
+
+ if($project->getId() !== 'console') {
+ throw new Exception('Access to this API is forbidden.', 401);
+ }
+}, ['project'], 'projects');
+
 App::post('/v1/projects')
 ->desc('Create Project')
 ->groups(['api', 'projects'])
diff --git a/app/views/console/home/index.phtml b/app/views/console/home/index.phtml
index 021cf8992..2342a2af2 100644
--- a/app/views/console/home/index.phtml
+++ b/app/views/console/home/index.phtml
@@ -79,6 +79,7 @@ $usageStatsEnabled = $this->getParam('usageStatsEnabled',true);
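Review bot: In app/controllers/api/projects.php the new `App::init` hook appears to be bound to the `projects` group only, so the console-only check protects a route just as long as that route lists `projects` in `->groups([...])`. The hunk shows this for `App::post('/v1/projects')`, but the file's other routes lie outside the hunk and should be confirmed, ideally with a test that calls every `/v1/projects*` endpoint under a non-console project and expects rejection. The exception also pairs the text 'Access to this API is forbidden.' with status 401, which tells a client to authenticate again; for a caller that is authenticated but scoped to the wrong project, 403 matches the message: `throw new Exception('Access to this API is forbidden.', 403);`. A one-line comment above the hook, such as `// Project management is console-only: reject requests scoped to any other project.`, would record why the check exists.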
From 0ad7d35bb038d298f1c8ea99397b11ebee1ecaad Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 10 Aug 2021 11:03:28 +0200
Subject: [PATCH 3/4] chore(changes): 0.9.4 changelog
---
 CHANGES.md | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/CHANGES.md b/CHANGES.md
index c6e74d852..210c82788 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,9 @@
+# Version 0.9.4
+
+## Security
+
+- Fixed security vulnerability that exposes project ID's from other admin users
+
 # Version 0.9.3
 ## Bugs
From 7af9bdbe3a454d12aefdb09a6002dbb34b7322fe Mon Sep 17 00:00:00 2001
From: Torsten Dittmann
Date: Tue, 10 Aug 2021 11:07:53 +0200
Subject: [PATCH 4/4] chore(changes): 0.9.4 changelog
---
 CHANGES.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/CHANGES.md b/CHANGES.md
index 210c82788..c63d0205e 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -2,7 +2,7 @@
 ## Security
-- Fixed security vulnerability that exposes project ID's from other admin users
+- Fixed security vulnerability that exposes project ID's from other admin users (#1453)
 # Version 0.9.3