Skip to content

v0.5.1

Latest

Choose a tag to compare

@JimScope JimScope released this 17 Jun 17:21

Highlights

  • Security audit resolved — 6 backend (SEC-1..SEC-6), 7 modem-agent (SEC-7, MA-1..MA-16), and 13 frontend (FE-1..FE-13) findings addressed
  • Messages rescued automatically — retry cron now recovers messages stuck in sending or pending indefinitely (fixes long-standing data loss scenario)
  • Modem-agent rewritten — session recovery, multipart SMS support, serial port locking, CLIP caller-ID parsing, improved septet counting
  • API keys and device keys hashed at rest — existing keys migrated transparently on first start
  • SSRF hardening — SNS callback URLs validated at the request sink

Security

  • Hash device API keys and integration API keys at rest (migration 1740000020)
  • Protect is_superuser from self-service writes (migration 1740000021)
  • Verify group ownership on contact import to prevent cross-user data access
  • Fix webhook HMAC fallback that was signing ciphertext instead of plaintext
  • Validate SNS callback URLs to prevent SSRF via provider webhook registration
  • Modem-agent: port locking, session recovery, input validation (SEC-7)
  • Frontend: sanitize outputs, tighten CSP, fix XSS vectors (FE-1..FE-13)

Fixes

  • Rescue stranded sending messages — after 10 min with no device report, cron resets to assigned and retries (up to 3×)
  • Rescue stranded pending messages — cron assigns a device as soon as one becomes available; expires after 24 h
  • Normalize date filter parameters to PocketBase's stored format — fixes silent comparison failures in retry cron
  • Fix payment-credit rollback on subscription cancellation
  • Make payment txid unique and add idempotency guard (migration 1740000022)
  • Deliver webhook retries with the original payload, not a re-encrypted one
  • Cap retry amplification in webhook delivery
  • Fix quota reservation race condition
  • Fix API key rotation race condition
  • Fix cancel_at_period_end and past-due subscription recovery
  • Complete GDPR user-delete cascade
  • Fix dbx-based pagination counts
  • Scope contacts export to active search/group filter

Modem Agent

  • Session recovery: reconnects automatically after serial port loss
  • Multipart SMS: splits long messages and reassembles on the device
  • Port locking: prevents concurrent processes from claiming the same serial device
  • CLIP caller-ID parsing for incoming SMS
  • Improved septet counting for GSM-7 encoding
  • Config guard: validates .env and modems.yaml on startup
Full changelog (v0.5.0..v0.5.1)
4b63a0d Validate SNS callback URLs at the request sink (SSRF hardening)
e595fc8 Make payments txid-unique migration idempotent for PocketBase v0.39
54341d4 Scope contacts export to the active search/group filter
1f4092d Harden modem-agent: CLIP, septet counting, Watch drain, config guards
cde8cbe Fix payment-credit rollback and post-audit backend regressions
90ebf2b Resolve frontend audit findings (FE-1..FE-13)
ee7e5ee Rewrite modem-agent: session recovery, multipart SMS, port locking (SEC-7, MA-1..MA-16)
8511318 Resolve backend audit findings (SEC-1..SEC-6, BE-1..BE-25)