Skip to content

v2.6.3

Choose a tag to compare

View all tags
@github-actions github-actions released this 22 Apr 13:08
· 16 commits to main since this release
v2.6.3
5cc8758

Security

  • CliZipCreator: ZIP encryption password is now passed to 7z via stdin instead of the -p<password> argv argument. On shared hosts, any local user could previously read the password from /proc/<pid>/cmdline or ps output while the backup process was running. Now the bare -p flag instructs 7z to read the password from stdin, keeping it out of the OS process table and audit logs
  • NotifierSendBackupController: Raw exception messages are no longer returned in HTTP responses. Previous behavior leaked internal details such as mysqldump stderr (DB usernames, internal hosts), absolute filesystem paths, and upstream server response bodies to any holder of NOTIFIER_BACKUP_CODE. Responses now contain a generic message plus an opaque error_id (UUID) that correlates with server-side logs

Changed

  • Error responses for failed backups now include error_id field (UUID) instead of error field with raw exception text — full details remain available in the server logs under the same error_id

Full Changelog: v2.6.2...v2.6.3

Assets 2
Loading