Squanchy and Firestore rules — a security post-mortem
How we found, and fixed, a security issue leading to potential PII leaking in Squanchy, our FOSS conference platform. Firestore access rules aren't as obvious as you'd think!