Skip to content

obsidian-tc v1.0.2

Choose a tag to compare

@suavecito585 suavecito585 released this 21 Jun 09:09

Security patch. Closes the unauthenticated-bind exposure that shipped in 1.0.1: the HTTP transport now refuses to bind a non-loopback host when auth.mode is none (F2, fail-closed, no insecure override). Also rolls up the rate-limiter fixes (THE-212/213) and post-1.0.1 docs/CI work.

npm: obsidian-tc@1.0.2 plus @the-40-thieves/obsidian-tc-{shared,native} and the four platform packages, provenance-signed. Docker: ghcr.io/the-40-thieves/obsidian-tc:1.0.2. Full notes in CHANGELOG.md.