Light IPAM v1.2.1 is a backward-compatible patch release focused on security
hardening, auditability, API consistency, and a simpler published-image install.
Highlights
- Adds
compose.release.yamland a complete installation/upgrade guide for the
published amd64 and arm64 app and scanner images. - Hardens CSV exports against spreadsheet-formula injection and adds conditional
HSTS plus stricter CSP directives. - Restricts API-token creation to administrators and aligns webhook URL SSRF
validation with scanner-agent endpoint validation. - Improves mutation audit metadata and returns the JSON error envelope for
unsupported methods on registered/api/v1routes. - Fixes the API fallback startup panic and the intermittent sealed-secret test.
- Reorganizes the README around audience, product value, quick evaluation, and
technical documentation.
Upgrade notes
- No database migration; the schema remains at migration 23.
- No breaking
/api/v1or scanner-protocol change; the scanner protocol remains
v1. - Webhook create/update now requires
https://. Move any plain-HTTP webhook
endpoint behind TLS before editing and saving it again. - App and scanner images should be upgraded together to
1.2.1.
See the full changelog.