v1.3.0 β dDRM hardening + security audit
PC2 v1.3.0 β dDRM hardening + security audit + Creator-Studio groundwork
Beta / open for testing. This is a large, security-focused release. We're opening it for community testing alongside ElastOS Launcher v1.2.9 and will refine from real-world feedback. Please report issues via Discord / GitHub Discussions.
Highlights
Security hardening (audited 2026-05-29)
- RPC spoofing fixed (high severity): the Lit-Action on-chain access check no longer trusts client-supplied
Host/X-Forwarded-Hostheaders. It routes through an operator-pinned proxy or a health-tracked server-side RPC pool, closing a path that could be used to forge ownership claims. - Skill-install IDOR fixed: installing a decrypted skill is now bound to the authenticated secure-view session owner; a mismatched
buyerAddressis rejected (403). - Session revocation wired into the live path: revoked delegation tokens now stop working immediately, and admin CEK flush also clears the WASM handle cache.
- Capability URLs signed by default:
/filelinks now require a server-side HMAC signature (FILE_URL_SIGNING_REQUIREDdefault-on). This is invisible to users β the node signs and verifies automatically; no wallet prompt, no steps. Operators with genuinely old cached links can setFILE_URL_SIGNING_ALLOW_LEGACY=trueduring transition. - Log redaction: decryption-related material (
kid) is no longer logged by the wallet bridge.
dDRM & media playback
- Legacy video playback restored: server-side override of PSSH-baked RPC values rescues videos minted before this release that had an exhausted RPC quota hardcoded into their metadata β owners can play them again without re-minting.
- Zero-config resilient Lit-Action RPC: access checks auto-route through the node's own rotating, health-tracked, cached
/api/rpc/baseproxy when reachable, with a loopback/LAN guard and health-aware public fallback. Fixes intermittent "purchase access tokens" errors on owned content. - Legacy decrypt-CID remap ordering fix: non-media assets (3D/GLB, EPUB, PDF, image) that baked a known-good remap-only decrypt CID now decrypt correctly. Verified across image, EPUB, and 3D model.
- 3D model viewer: camera clip planes now adapt to model size, fixing the "wall" where large models were clipped when zooming out.
RPC pool resilience
- New centralized RPC health tracker sidelines unhealthy upstreams (5xx/429/408/transport failures) for a cooldown; consumers auto-rotate to healthy URLs. Applies to both the JSON-RPC proxy and the Content Indexer.
- Default Base RPC list expanded 3 β 6 (publicnode, drpc, blastapi, 1rpc.io, omniatech). Tenderly removed from defaults.
public_proxy_urlandcontent_indexer.rpc_urlsare operator-tunable.
Creator Studio β Monetisation Agent (S1)
- The conversational Monetisation Agent (Creator-Studio S1) ships dormant by default behind
MONETISATION_AGENT_ENABLED. It does not affect the core AI chat (all third-party + local providers) or the existing Creator wizard. Operators can opt in to preview it; it will be promoted to default-on in a later release once validated.
Install / ops
- FFmpeg provisioned on all install paths (start-local.sh, install-arm.sh, Dockerfile, CI, and launcher v1.2.9+) β required for video minting.
Coupled launcher
Fresh-Mac users should use ElastOS Launcher v1.2.9+, which auto-installs Homebrew + Xcode Command Line Tools + all PC2 dependencies in a single first-run flow.
Download: https://github.com/Elacity/elastos-launcher/releases/tag/v1.2.9
Upgrading
Existing nodes auto-detect this release and update in place (git fast-forward + rebuild + restart). No manual action required.
Breaking changes
None. All changes are backward-compatible with existing PC2 installs. Capability-URL signing is default-on but transparent; the legacy escape hatch exists if needed.
Operator notes
- RPC unhealthy cooldown is tunable via
config.blockchain.rpc_unhealthy_cooldown_ms(default 60s). - Legacy dDRM video assets benefit from the PSSH-baked-RPC override automatically β no operator action required.
Acknowledgements
dDRM hardening direction by @irzhy (zero-CEK exposure, RPC unification). Implementation, security audit, and release coordination by @sash.