Skip to content

v0.16.5 - Signaling URL validation, FCM watchdog observability, Dependabot

Choose a tag to compare

@bvis bvis released this 14 Jun 22:18
e749c36

Promotes the 0.16.5 beta line to stable.

Fixed

  • Signaling URL domain validation — the SocketUrl from FCM push is now validated against *.fermax.io before opening the WebSocket signaling connection, so a spoofed/compromised push can't redirect signaling to an attacker server and leak OAuth/FCM tokens. Untrusted URLs are logged and replaced with the default. Contributed by @aitoraznar (#18).
  • FCM watchdog observability (#16) — demote the spurious "restart scheduled" WARNING to INFO (transient is_started() False states no longer cry wolf), log previously-swallowed restart errors with traceback, and fix ensure_running() to return the start-call result per its contract. No behavior change to the restart state machine.

Added

  • Dependabot — weekly automated dependency update PRs for the Python dev toolchain and GitHub Actions (#18).

Full changelog: https://github.com/bvis/fermax-blue-hass/blob/main/CHANGELOG.md