Skip to content

v4.8.74

Choose a tag to compare

View all tags
@github-actions github-actions released this 14 Jun 03:41
· 20 commits to master since this release
v4.8.74
e6a5bce
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Auto-released from merge of PR #525 (trigger: pull_request).

  • /health no longer leaks OAuth internals to the public internet — when dario sits behind a Cloudflare tunnel with a public /health bypass (uptime monitoring), the endpoint was world-readable and returned oauth status, the access-token expiresIn countdown, request volume, and refresh-error detail. Public requests (identified by the CF-edge-stamped cf-ray header) now receive only the liveness verdict ({status: ok|degraded}); internal loopback callers — the docker healthcheck, dario doctor, the self-probe — still get full detail. The HTTP 200/503 is unchanged, so external uptime checks keying on the status code are unaffected. Logic extracted to buildHealthResponse with unit coverage.

Built + tested + npm-published inline by cc-drift-auto-release.yml on this run. See the workflow log for the provenance-attested publish output.

Assets 2
Loading