git » sdk » commit 8c1b5b0

Bad UUIDv7s in the wild make this unsafe

author Stephen Paul Weber
2026-04-07 18:39:01 UTC
committer Stephen Paul Weber
2026-04-07 18:39:01 UTC
parent 93072d44f354414d7f83c403fa53b589ede985e9
Bad UUIDv7s in the wild make this unsafe
borogove/Chat.hx +2 -4 
diff --git a/borogove/Chat.hx b/borogove/Chat.hx
index 81bc81f..e0ced6d 100644
--- a/borogove/Chat.hx
+++ b/borogove/Chat.hx
@@ -54,8 +54,6 @@ enum abstract EncryptionMode(Int) {
 	var EncryptedOMEMO; // Use OMEMO
 }
 
-final UUIDv7_PATTERN = ~/^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-7[0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}$/;
-
 @:expose
 #if cpp
 @:build(HaxeCBridge.expose())
@@ -889,7 +887,7 @@ abstract class Chat {
 	@:allow(borogove)
 	private function markReadUpToId(upTo: String, upToBy: String): Promise<Any> {
 		if (upTo == null) return Promise.reject(null);
-		if (readUpToId == upTo || (UUIDv7_PATTERN.match(readUpToId) && UUIDv7_PATTERN.match(upTo) && upTo < readUpToId)) {
+		if (readUpToId == upTo) {
 			return Promise.reject(null);
 		}
 
@@ -906,7 +904,7 @@ abstract class Chat {
 			return Promise.reject(null);
 		}
 
-		if (readUpToId == null || (UUIDv7_PATTERN.match(readUpToId) && UUIDv7_PATTERN.match(message.serverId))) {
+		if (readUpToId == null) {
 			return markReadUpToId(message.serverId, message.serverIdBy);
 		}