Skip to content

v2.0.9 — Security & performance

Choose a tag to compare

@achref-soua achref-soua released this 15 Jun 22:15
cf7331c

A security-hardening and performance release. No breaking changes; existing deployments update in place.

Security

  • SSRF guards on every server-side fetch of an operator-supplied URL — outbound webhooks and credential "test connection" probes now refuse private/loopback/metadata targets (opt back in for trusted LAN hosts). (#277#279)
  • Intelligence service token — the AI /v1 API now requires a shared INTEL_SERVICE_TOKEN (generated per install), closing the one tenant-data path that sat outside Postgres RLS. (#280)
  • Rate-limit resilience — the gateway limiter degrades gracefully instead of 500-ing the API when Redis is briefly down. (#281)
  • Kubernetes NetworkPolicy (opt-in) restricting the AI plane to web + workers, and pinned floating sidecar image tags. (#282)
  • Dependency advisories patched: protobufjs, js-yaml, cryptography, starlette. (#276)

Performance

  • Opt-in PgBouncer transaction pooling for the RLS app connection — verified safe (the tenant id is transaction-local). (#283, ADR-0022)
  • Shared write-key cache on the ingest hot path. (#284, ADR-0023)

Full write-up: docs/security/audit-2.0.9.md.