BetterDB Monitor v0.4.1

@KIvanow KIvanow released this 06 Feb 09:39
· 310 commits to master since this release
88fbc79

Security

fastify — Upgraded to v5.7.3 to address two vulnerabilities:

  • Content-Type validation bypass — Appending a tab character to the Content-Type header allowed attackers to completely bypass request body validation while the server still parsed the body normally. This affects any handler relying on Content-Type-based schema validation for data integrity or security. (CVE-2026-25223, High severity)
  • DoS via unbounded memory in Web Streams — A slow or non-reading client could trigger unbounded memory buffering when using ReadableStream via reply.send(), potentially leading to process crashes. (CVE-2026-25224, Low severity)

esbuild — Upgraded to v0.25.0 to fix an overly permissive CORS configuration in the development server. The default Access-Control-Allow-Origin: * header allowed any website to read responses from the dev server, potentially leaking source code. (GHSA-67mh-4wv8-2f99, Moderate severity)
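
An added example (not part of the release notes or BetterDB's own code): a Node.js check that a parsed package-lock.json resolves fastify and esbuild to at least the fixed versions named above, including copies nested under other dependencies. The function names and the sample lockfile are constructed for illustration, and the code assumes the npm lockfileVersion 2/3 `packages` layout.

```javascript
// Minimum fixed versions named in the release notes above.
const MINIMUMS = { fastify: "5.7.3", esbuild: "0.25.0" };

// Parse "major.minor.patch" into numbers; any pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(v);
  if (!m) throw new Error(`unparseable version: ${v}`);
  return m.slice(1).map(Number);
}

// Return true when version a is strictly lower than version b.
function isBelow(a, b) {
  const x = parseVersion(a);
  const y = parseVersion(b);
  for (let i = 0; i < 3; i++) {
    if (x[i] !== y[i]) return x[i] < y[i];
  }
  return false;
}

// Walk the "packages" map of a parsed lockfile and report every installed copy
// (top-level or nested) of a tracked package that is older than its minimum.
function findOutdated(lock, minimums = MINIMUMS) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // "node_modules/a/node_modules/esbuild" -> "esbuild"
    const name = path.split("node_modules/").pop();
    if (!Object.hasOwn(minimums, name) || !entry.version) continue;
    if (isBelow(entry.version, minimums[name])) {
      findings.push({ path, version: entry.version, required: minimums[name] });
    }
  }
  return findings;
}

// Constructed sample lockfile (hypothetical project, not BetterDB's real lockfile).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/fastify": { version: "5.7.3" },
    "node_modules/esbuild": { version: "0.25.0" },
    "node_modules/some-tool/node_modules/esbuild": { version: "0.21.5" },
    "node_modules/fastify-plugin": { version: "5.0.1" },
  },
};

console.log(findOutdated(sampleLock));
```

In a real project, pass the result of `JSON.parse` on the contents of package-lock.json to `findOutdated` and fail the build when the returned list is not empty.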


What's Changed

  • Add BetterDB CLI package with build/publish workflow, docs, and tooli… by @KIvanow in #17

Full Changelog: v0.4.0...v0.4.1