mirror of
https://github.com/formbricks/formbricks.git
synced 2026-05-19 11:29:57 -05:00
Matti Nannt
05d7d1165a
The client-facing POST /api/v1/client and /api/v2/client response endpoints accepted arbitrary createdAt/updatedAt values, allowing any respondent to backdate or future-date their submission and poison time-series analytics. Strip both fields before the Prisma insert in the client code paths. The management API retains the ability to pass timestamps, as it is authenticated and used for legitimate server-side data imports. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>