Skip to content

v0.1.21

Choose a tag to compare

View all tags
@adolfousier adolfousier released this 08 Mar 20:37
· 5 commits to main since this release
v0.1.21
0a9bc15

v0.1.21 — Security Hardening

Full security audit and fixes across all modules:

  • API URL validation — reject file://, ftp://, and other non-HTTP schemes; warn on unencrypted HTTP for remote hosts
  • Request timeouts — 120s request timeout, 10s connect timeout on all API calls
  • D-Bus input sanitization — typed JSON deserialization, 4 KB size cap, API keys redacted from logs
  • Database setting key whitelist — only known keys accepted, values capped at 4 KB
  • File permissions — data directory and model downloads set to 0o700/0o600 on Unix
  • Panic-free — replaced all .unwrap() with .expect() or proper error propagation
  • Security tests — setting key rejection, file:// URL rejection, ftp:// URL rejection (34 total tests)

Full Changelog: v0.1.20...v0.1.21

Assets 6
Loading