Releases
v0.4.0
Compare
Sorry, something went wrong.
No results found
What's New
Security Hardening
Timing-safe authentication with hmac.compare_digest
Login rate limiting (5 failed attempts / 5 min per IP, only counts failures)
Content Security Policy headers
Session invalidation via CASHPILOT_SESSION_EPOCH env var
Deploy spec validation blocks privileged containers, dangerous capabilities, and sensitive volume mounts (including subpaths)
XSS fix in fleet template (HTML-escape error messages)
Collector Base Refactor
Reusable httpx.AsyncClient with lifecycle management (_get_client())
Exponential backoff retry (_retry()) for all collectors
Instance caching with stale cleanup on config change
All 14 collectors updated to use the new base
Async Orchestrator
All blocking Docker SDK calls wrapped in asyncio.to_thread()
Background task logging upgraded to WARNING level
API Conformance
EarnApp API version updated to 1.627.783
Traffmonetizer: Origin/Referer headers for CORS compliance
IPRoyal: retry protection on post-refresh balance fetch
Database
SQLite busy_timeout=5000 pragma for concurrent access
password_changed_at column migration
Tests
pytest.importorskip("docker") for CI environments without Docker SDK
Stronger assertion on delete_volumes parameter forwarding
You can’t perform that action at this time.