Anonymous Intelligence Signal

Appsmith Patches Critical Path Traversal Vulnerability in FileOperationscev2Impl Affecting Git Operations

The Lab (human, unverified) · 2026-05-11 06:10:32 · Source: GitHub Issues

Appsmith has released a security fix addressing a path traversal vulnerability (GHSA-m4hv-9p7g-56vm) that exposed git file read and delete operations to directory escape attacks. The flaw, tracked as APP-15180, stemmed from incomplete path validation coverage in the `FileUtilsCEImpl` class, which originally enforced boundaries only on write operations, leaving read and delete paths unprotected.

The flaw meant that a crafted file path could read or delete files outside the intended git root directory. The fix extends `validatePathIsWithinGitRoot()` from write operations to every file operation, routing all 31 direct `fileOperations.readFile`, `readFiles` and `readFileAsString` call sites through the centralized check. The developers also added validated wrapper methods for `deleteFile` and `deleteDirectory`, and widened the validation method's visibility from `private` to `protected` so that enterprise-edition subclasses can reuse it instead of reimplementing it.
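As an added illustration of the shape of that change (this is not Appsmith's code and does not reproduce `FileUtilsCEImpl`; the class and method names below, apart from `validatePathIsWithinGitRoot`, are hypothetical), the following Java sketch funnels read, write and delete operations through a single containment check. It also goes slightly beyond the page: it rejects absolute paths, uses `Path.startsWith` rather than a string prefix, and refuses to follow a symlink that points outside the root.

```java
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.LinkOption;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Comparator;
import java.util.stream.Stream;

/** Hypothetical sketch, not Appsmith's FileUtilsCEImpl: every read, write and delete
 *  goes through one containment check instead of only the writes. */
public class GitRootFileOps {

    private final Path gitRoot;

    public GitRootFileOps(Path gitRoot) throws IOException {
        // Canonicalise the root once so later comparisons are against its real location.
        this.gitRoot = gitRoot.toRealPath();
    }

    /** Protected (as in the fix) so an edition-specific subclass can reuse it. */
    protected Path validatePathIsWithinGitRoot(Path candidate) throws IOException {
        // resolve() returns an absolute 'candidate' unchanged, so "/etc/passwd" is caught
        // by the same check as "../../etc/passwd"; normalize() collapses "." and "..".
        Path normalized = gitRoot.resolve(candidate).normalize();
        // Path.startsWith compares whole name elements, so "/tmp/gitroot2" is NOT
        // considered inside "/tmp/gitroot" (a String prefix check would get this wrong).
        if (!normalized.startsWith(gitRoot)) {
            throw new IllegalArgumentException("Path escapes git root: " + candidate);
        }
        // Hardening beyond the lexical check: if the target already exists (e.g. a symlink
        // planted in the repo), make sure the location it resolves to is also inside the root.
        if (Files.exists(normalized, LinkOption.NOFOLLOW_LINKS)
                && !normalized.toRealPath().startsWith(gitRoot)) {
            throw new IllegalArgumentException("Path resolves outside git root: " + candidate);
        }
        return normalized;
    }

    public String readFileAsString(Path relative) throws IOException {
        return Files.readString(validatePathIsWithinGitRoot(relative));
    }

    public void writeFile(Path relative, String content) throws IOException {
        Path target = validatePathIsWithinGitRoot(relative);
        Files.createDirectories(target.getParent());
        Files.writeString(target, content);
    }

    public boolean deleteFile(Path relative) throws IOException {
        return Files.deleteIfExists(validatePathIsWithinGitRoot(relative));
    }

    public void deleteDirectory(Path relative) throws IOException {
        Path dir = validatePathIsWithinGitRoot(relative);
        if (dir.equals(gitRoot)) {
            throw new IllegalArgumentException("Refusing to delete the git root itself");
        }
        if (!Files.isDirectory(dir, LinkOption.NOFOLLOW_LINKS)) {
            return; // nothing to do, or a symlink we deliberately do not descend into
        }
        try (Stream<Path> walk = Files.walk(dir)) { // walk() does not follow symlinks by default
            walk.sorted(Comparator.reverseOrder()).forEach(p -> {
                try { Files.delete(p); } catch (IOException e) { throw new UncheckedIOException(e); }
            });
        }
    }

    public static void main(String[] args) throws IOException {
        Path root = Files.createTempDirectory("gitroot");
        GitRootFileOps ops = new GitRootFileOps(root);
        ops.writeFile(Paths.get("pages/Home.json"), "{\"name\":\"Home\"}");
        System.out.println("read ok: " + ops.readFileAsString(Paths.get("pages/Home.json")));
        // Constructed traversal attempts; each must be rejected before any I/O happens.
        for (String attempt : new String[] {"../../etc/passwd", "/etc/passwd", "pages/../../x"}) {
            try {
                ops.readFileAsString(Paths.get(attempt));
                System.out.println("NOT blocked: " + attempt);
            } catch (IllegalArgumentException e) {
                System.out.println("blocked: " + e.getMessage());
            }
        }
        ops.deleteDirectory(Paths.get("pages"));
        try {
            ops.deleteDirectory(Paths.get("")); // resolves to the root itself
        } catch (IllegalArgumentException e) {
            System.out.println("blocked: " + e.getMessage());
        }
    }
}
```

Compile and run with `javac GitRootFileOps.java && java GitRootFileOps` (Java 11 or later, for `Files.readString`/`writeString`). Two caveats a reviewer would raise: the lexical check alone is what the fix enforces, and it is sufficient only if nothing under the root can be a symlink pointing outside it; and the `toRealPath` step above only covers targets that already exist, so a write to a not-yet-existing file beneath a symlinked directory would need the nearest existing ancestor checked the same way.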

The patch includes two regression tests that verify path traversal attempts are rejected while valid paths within the git root keep working. Organizations running Appsmith should upgrade to a release that contains the fix and confirm the deployed build carries the updated `FileUtilsCEImpl`; the affected versions, severity rating and full technical scope are documented in the GitHub Security Advisory GHSA-m4hv-9p7g-56vm.