Skip to content

v0.4.0

Choose a tag to compare

@GeiserX GeiserX released this 19 May 14:00
f33a60c

What's New

Security Hardening

  • Timing-safe authentication with hmac.compare_digest
  • Login rate limiting (5 failed attempts / 5 min per IP, only counts failures)
  • Content Security Policy headers
  • Session invalidation via CASHPILOT_SESSION_EPOCH env var
  • Deploy spec validation blocks privileged containers, dangerous capabilities, and sensitive volume mounts (including subpaths)
  • XSS fix in fleet template (HTML-escape error messages)

Collector Base Refactor

  • Reusable httpx.AsyncClient with lifecycle management (_get_client())
  • Exponential backoff retry (_retry()) for all collectors
  • Instance caching with stale cleanup on config change
  • All 14 collectors updated to use the new base

Async Orchestrator

  • All blocking Docker SDK calls wrapped in asyncio.to_thread()
  • Background task logging upgraded to WARNING level

API Conformance

  • EarnApp API version updated to 1.627.783
  • Traffmonetizer: Origin/Referer headers for CORS compliance
  • IPRoyal: retry protection on post-refresh balance fetch

Database

  • SQLite busy_timeout=5000 pragma for concurrent access
  • password_changed_at column migration

Tests

  • pytest.importorskip("docker") for CI environments without Docker SDK
  • Stronger assertion on delete_volumes parameter forwarding