v1.1.1

@Iam-Master Iam-Master released this 26 Jun 14:47
· 10 commits to main since this release

Security & Robustness Patch

Security

  • CSV export formula-injection hardening (all string fields sanitized)
  • WebSocket Origin check (rejects cross-origin connections from untrusted tabs)
  • XSS hardening: codec color values validated before style injection
  • Device-photo SSRF hardening (HTTPS-only to public hosts)
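
One way to enforce the "HTTPS-only to public hosts" rule for device-photo URLs, shown as an added Python example that is not this project's code. The names `check_photo_url`, `system_resolver`, `sample_resolver` and the `SAMPLE_DNS` table are hypothetical, and the table is constructed so the check runs offline.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

# Constructed name-to-address table so the example runs offline.
SAMPLE_DNS = {
    "photos.example.test": ["8.8.8.8"],
    "intranet.example.test": ["10.0.0.5"],
    "mixed.example.test": ["8.8.8.8", "127.0.0.1"],
}

def sample_resolver(host, port):
    """Stand-in for DNS backed by SAMPLE_DNS (hypothetical helper)."""
    if host not in SAMPLE_DNS:
        raise OSError("unknown host")
    return SAMPLE_DNS[host]

def system_resolver(host, port):
    """Every address the OS resolver returns for host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]

def check_photo_url(url, resolver=system_resolver):
    """Return (ok, reason); ok only for https URLs whose host maps
    exclusively to globally routable addresses."""
    try:
        parts = urlsplit(url)
        port = parts.port or 443
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "scheme is not https"
    host = parts.hostname
    if not host:
        return False, "no host"
    try:
        addrs = [str(ipaddress.ip_address(host))]  # IP literal, no lookup
    except ValueError:
        try:
            addrs = resolver(host, port)
        except OSError:
            return False, "host does not resolve"
    if not addrs:
        return False, "host does not resolve"
    for addr in addrs:
        ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        ip = getattr(ip, "ipv4_mapped", None) or ip  # unwrap ::ffff:a.b.c.d
        if not ip.is_global:
            return False, f"{ip} is not a public address"
    return True, "ok"
```

The check only holds if the fetch then connects to an address that was validated and applies the same check to every redirect target; a second DNS lookup at connect time can return a different address.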

Fixed

  • KeyError in list_known_devices when device dict lacks 'name' key
  • Photo fetch .tmp cleanup guaranteed on failure
  • Frontend history trim now consistent (MAX_HISTORY=2200)

Added

  • Full API documentation (docs/API.md)
  • README Troubleshooting section
  • 50 backend + 20 frontend automated test cases

Full Changelog: v1.1.0...v1.1.1