[x] Perform server-side input validation and sanitization (whenever possible) on all user-controlled inputs.
[x] Perform context-aware output encoding/escaping of all user-controlled input.
[x] Enforce access control on every request. Consider the different types of users (enterprise, free trials, etc.). Who should access that functionality/endpoint?
What changes does this PR introduce?
Fix ? Link to ticket: No linked ticket
Test impact
...
Security considerations
Note: If in doubt, please reach us on #security.