bugfix, security

Changelog — March 19, 2026

Critical security patch closing a multi-tenant data leak in Cmd+K search, plus a series of storage usage reliability fixes. Four releases shipped today: v1.15.2 through v1.15.5.

🐛 Bug Fixes

  • Client Tenant Data Isolation — Critical security fix addressing a multi-tenant isolation breach where client users could view other clients' projects, retouchers, guidelines, and users through the global Cmd+K search, and access foreign projects directly by URL. Root cause: resolveAccessibleOrganizationIds incorrectly added the parent studio ID to all org types, including CLIENT, effectively granting cross-tenant access. Fix restricts parent org inheritance to RETOUCHER memberships only. A defense-in-depth isClientOnlyViewer detection layer was also added in the search resolver to scope results strictly to the client's own organization. #306

  • Storage Usage Reliability — Three successive fixes stabilizing studio storage usage calculation: organization settings are now preserved when a storage lookup fails, missing R2 prefixes are gracefully ignored instead of causing errors, and the system falls back to database-recorded sizes when the R2 storage object returns empty. Shipped in v1.15.2, v1.15.3, and v1.15.4.
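The tenant isolation fix above, modelled as an added TypeScript example (this is not the project's code). Only the names resolveAccessibleOrganizationIds and isClientOnlyViewer come from the changelog; the org, membership and project shapes, the STUDIO/RETOUCHER/CLIENT parent relationship, the rule that a studio in scope can see its child orgs' projects, and the search and URL-access helpers are all assumptions made to show why inheriting the parent studio ID for a CLIENT membership leaks other clients' data, and how the client-only scope guard holds even if the resolver regresses.

```typescript
// Added example, not the project's code. Only resolveAccessibleOrganizationIds and
// isClientOnlyViewer are names from the changelog; every other type, field and
// function here is an assumption made for the demo.

type OrgType = "STUDIO" | "RETOUCHER" | "CLIENT";

interface Organization {
  id: string;
  type: OrgType;
  parentStudioId?: string; // assumed: set on RETOUCHER and CLIENT orgs owned by a studio
}
interface Membership { orgId: string; }
interface Project { id: string; name: string; organizationId: string; }

type OrgDirectory = Map<string, Organization>;
type Resolver = (memberships: Membership[], orgs: OrgDirectory) => Set<string>;

// Before the fix: every membership inherits the parent studio, so a CLIENT
// membership silently widens into studio-wide scope.
function resolveAccessibleOrganizationIdsVulnerable(memberships: Membership[], orgs: OrgDirectory): Set<string> {
  const ids = new Set<string>();
  for (const m of memberships) {
    const org = orgs.get(m.orgId);
    if (!org) continue;
    ids.add(org.id);
    if (org.parentStudioId) ids.add(org.parentStudioId); // the bug: no org-type check
  }
  return ids;
}

// After the fix: only RETOUCHER memberships inherit the parent studio.
function resolveAccessibleOrganizationIds(memberships: Membership[], orgs: OrgDirectory): Set<string> {
  const ids = new Set<string>();
  for (const m of memberships) {
    const org = orgs.get(m.orgId);
    if (!org) continue;
    ids.add(org.id);
    if (org.type === "RETOUCHER" && org.parentStudioId) ids.add(org.parentStudioId);
  }
  return ids;
}

// Defense in depth: true when every membership the user holds is a CLIENT org.
function isClientOnlyViewer(memberships: Membership[], orgs: OrgDirectory): boolean {
  return memberships.length > 0 && memberships.every((m) => orgs.get(m.orgId)?.type === "CLIENT");
}

// Assumed visibility rule: a studio in scope sees the projects of its child orgs.
// This is what turns an inherited studio ID into a cross-client leak.
function projectVisible(project: Project, scope: Set<string>, orgs: OrgDirectory): boolean {
  if (scope.has(project.organizationId)) return true;
  const parent = orgs.get(project.organizationId)?.parentStudioId;
  return parent !== undefined && scope.has(parent);
}

// Search resolver (assumed). With clientScopeGuard on, a client-only viewer is
// pinned to their own org IDs no matter what the resolver returned.
function searchProjects(
  query: string, memberships: Membership[], orgs: OrgDirectory, projects: Project[],
  resolver: Resolver = resolveAccessibleOrganizationIds, clientScopeGuard = true,
): Project[] {
  let scope = resolver(memberships, orgs);
  if (clientScopeGuard && isClientOnlyViewer(memberships, orgs)) {
    scope = new Set(memberships.map((m) => m.orgId));
  }
  const q = query.toLowerCase();
  return projects.filter((p) => projectVisible(p, scope, orgs) && p.name.toLowerCase().includes(q));
}

// Direct access by URL (assumed) goes through the same resolver, so the fix covers it too.
function canAccessProject(project: Project, memberships: Membership[], orgs: OrgDirectory,
  resolver: Resolver = resolveAccessibleOrganizationIds): boolean {
  return projectVisible(project, resolver(memberships, orgs), orgs);
}

// Constructed sample tenancy: one studio, one retoucher, two clients of that studio.
const ORGS: OrgDirectory = new Map<string, Organization>([
  ["studio-1", { id: "studio-1", type: "STUDIO" }],
  ["retoucher-1", { id: "retoucher-1", type: "RETOUCHER", parentStudioId: "studio-1" }],
  ["client-a", { id: "client-a", type: "CLIENT", parentStudioId: "studio-1" }],
  ["client-b", { id: "client-b", type: "CLIENT", parentStudioId: "studio-1" }],
]);
const PROJECTS: Project[] = [
  { id: "p1", name: "Spring lookbook", organizationId: "client-a" },
  { id: "p2", name: "Spring campaign", organizationId: "client-b" },
  { id: "p3", name: "Spring studio internal", organizationId: "studio-1" },
];
const CLIENT_A_USER: Membership[] = [{ orgId: "client-a" }];
const RETOUCHER_USER: Membership[] = [{ orgId: "retoucher-1" }];
```

Running the vulnerable resolver for CLIENT_A_USER yields the scope {client-a, studio-1}, and because studio-1 is the parent of client-b, p2 and p3 become visible; the fixed resolver yields {client-a} only. The guard in searchProjects returns only p1 for the client user even when handed the vulnerable resolver, which is the point of layering it on top of the resolver fix.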
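The three storage usage fixes, as an added TypeScript example (not the project's code). The settings record shape, the prefix lookup callback and its result shape, and the database size map are assumptions; the behaviour modelled is the one the changelog states: a failed lookup leaves the organization settings untouched, a missing prefix is skipped, and an empty result falls back to the database-recorded size.

```typescript
// Added example, not the project's code. The StudioSettings shape, the R2Lookup
// result type, the lookup callback and the dbSizes map are assumptions for the demo.

interface StudioSettings {
  studioId: string;
  storageUsedBytes: number;
  storageQuotaBytes: number;
}

// Assumed outcome of one R2 prefix lookup. A transport or auth failure throws.
type R2Lookup =
  | { status: "missing" }              // prefix does not exist in the bucket
  | { status: "found"; bytes: number }; // bytes is 0 when the storage object reports empty

type LookupFn = (prefix: string) => R2Lookup;

// Sum usage across prefixes: missing prefixes are ignored, an empty result falls
// back to the database-recorded size, and a thrown failure propagates to the caller.
function computeStorageUsage(prefixes: string[], lookup: LookupFn, dbSizes: Map<string, number>): number {
  let total = 0;
  for (const prefix of prefixes) {
    const result = lookup(prefix);
    if (result.status === "missing") continue;
    const bytes = result.bytes > 0 ? result.bytes : (dbSizes.get(prefix) ?? 0);
    total += bytes;
  }
  return total;
}

// Refresh the usage figure on a settings record. If the lookup fails the original
// settings are returned unchanged rather than overwritten with a partial or zero value.
function refreshStorageUsage(settings: StudioSettings, prefixes: string[], lookup: LookupFn,
  dbSizes: Map<string, number>): StudioSettings {
  try {
    return { ...settings, storageUsedBytes: computeStorageUsage(prefixes, lookup, dbSizes) };
  } catch {
    return settings;
  }
}

// Constructed sample: one live prefix, one that reports empty but has a DB record,
// and one that does not exist in the bucket at all.
const PREFIXES = ["studio-1/raw/", "studio-1/exports/", "studio-1/archive/"];
const DB_SIZES = new Map<string, number>([["studio-1/exports/", 4096], ["studio-1/archive/", 1024]]);
const SETTINGS: StudioSettings = { studioId: "studio-1", storageUsedBytes: 5000, storageQuotaBytes: 1_000_000 };

function sampleLookup(prefix: string): R2Lookup {
  if (prefix === "studio-1/raw/") return { status: "found", bytes: 10_000 };
  if (prefix === "studio-1/exports/") return { status: "found", bytes: 0 };
  return { status: "missing" };
}

function failingLookup(_prefix: string): R2Lookup {
  throw new Error("R2 unavailable");
}
```

With sampleLookup the total is 10000 + 4096 (database fallback for the empty exports prefix) with the missing archive prefix contributing nothing; with failingLookup the settings record comes back as it was, so a transient R2 outage does not zero out a studio's recorded usage.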

By theodaguier