diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7ec532780..4e550c464 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -142,7 +142,7 @@ Learn more at our [Technology Stack](#technology-stack) section. ##### Security -- [Appwrite Auth and ACL](https://github.com/appwrite/appwrite/blob/0.16.x/docs/specs/authentication.drawio.svg) +- [Appwrite Auth and ACL](https://github.com/appwrite/appwrite/blob/master/docs/specs/authentication.drawio.svg) - [OAuth](https://en.wikipedia.org/wiki/OAuth) - [Encryption](https://medium.com/searchencrypt/what-is-encryption-how-does-it-work-e8f20e340537#:~:text=Encryption%20is%20a%20process%20that,%2C%20or%20decrypt%2C%20the%20information.) - [Hashing](https://searchsqlserver.techtarget.com/definition/hashing#:~:text=Hashing%20is%20the%20transformation%20of,it%20using%20the%20original%20value.)
diff --git a/app/controllers/api/databases.php b/app/controllers/api/databases.php
index 2290bad37..8b3fba5e4 100644
--- a/app/controllers/api/databases.php
+++ b/app/controllers/api/databases.php
@@ -2224,14 +2224,10 @@ App::patch('/v1/databases/:databaseId/collections/:collectionId/documents/:docum $data = (\is_string($data)) ? \json_decode($data, true) : $data; // Cast to JSON array - if (empty($data) && empty($permissions)) { + if (empty($data) && \is_null($permissions)) { throw new Exception('Missing payload or permissions', 400, Exception::DOCUMENT_MISSING_PAYLOAD); } - if (!\is_array($data)) { - throw new Exception('Data param should be a valid JSON object', 400, Exception::DOCUMENT_INVALID_STRUCTURE); - } - $database = Authorization::skip(fn () => $dbForProject->getDocument('databases', $databaseId)); if ($database->isEmpty()) {
diff --git a/app/controllers/api/projects.php b/app/controllers/api/projects.php
index 40523c1b9..8c515f241 100644
--- a/app/controllers/api/projects.php
+++ b/app/controllers/api/projects.php
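Review bot: In app/controllers/api/databases.php the `\is_array($data)` guard is removed with nothing in its place, so after `\json_decode($data, true)` a JSON scalar from the request body, or `null` from an undecodable string sent together with permissions, passes the remaining `empty($data) && \is_null($permissions)` check and reaches the code below the hunk. Since `$data` is request input, the type check is worth keeping in a form that still permits a permissions-only update, for example `if (!\is_null($data) && !\is_array($data)) { throw new Exception('Data param should be a valid JSON object', 400, Exception::DOCUMENT_INVALID_STRUCTURE); }`. Whether a `null` payload is safe further down cannot be confirmed from here, because the handler body starts and ends outside the hunk; if it is merged into the stored document, normalising it to an empty array first would be the safer choice.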
@@ -95,7 +95,6 @@ App::post('/v1/projects') Permission::update(Role::team($teamId, 'developer')), Permission::delete(Role::team($teamId, 'owner')), Permission::delete(Role::team($teamId, 'developer')), - ], 'name' => $name, 'teamInternalId' => $team->getInternalId(),
diff --git a/app/http.php b/app/http.php
index 2b8d57c1b..40dd70385 100644
--- a/app/http.php
+++ b/app/http.php
@@ -170,6 +170,7 @@ $http->on('start', function (Server $http) use ($payloadSize, $register) { 'enabled' => true, 'encryption' => true, 'antivirus' => true, + 'fileSecurity' => true, '$permissions' => [ Permission::read(Role::any()), Permission::update(Role::any()),
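Review bot: The new `'fileSecurity' => true` entry in app/http.php is undocumented and sits directly above bucket-level grants to `Role::any()`, so a reader cannot tell from this hunk whether per-file permissions narrow access or only add to those grants. If the flag is additive, as its placement suggests, the any-role read and update permissions on the bucket still apply to every file regardless of what is set per file; that should be confirmed against the storage permission check, which is not visible here. A short comment on the line would record the intent, for example `// fileSecurity: file-level permissions are evaluated in addition to the bucket-level $permissions below`. The array literal and the enclosing `start` callback both continue outside the hunk.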