Changes in version 5.0.96

@evilaliv3 released this 28 Jun 20:08

  • Implement security enhancements following the auditors' suggestions:
    -- Bind authenticated requests with DPoP proof-of-possession [RFC 9449]
    -- Enforce tenant isolation and ownership across resources
    -- Enforce role network access policy on authenticated requests
    -- Revoke sessions on admin update, password change and deletion
    -- Confine sessions pending forced password change or 2FA enrollment
    -- Require step-up confirmation for deletion of users, contexts and tenants
    -- Require 2FA confirmation on voluntary password change
    -- Serialize TOTP one-time-use verification
    -- Mask recipient and whistleblower files through redaction
    -- Exclude masked files from report exports
    -- Restrict recipient files to their author
    -- Restrict editing of user identity fields to privileged users
    -- Validate submission answers, nesting depth and status transitions
    -- Enforce screening choices and intake gates on submissions
    -- Compute submission scoring and screening on the backend
    -- Enforce notification toggles across all mail paths
    -- Extend audit logging to file access, exports and redactions
    -- Rate-limit signup, support, password reset and email change
    -- Rate-limit proof-of-work and submission endpoints
    -- Rate-limit and sanitize CSP violation reports
    -- Skip per-IP rate limiting for Tor traffic
    -- Verify the SMTP server certificate against the hostname
    -- Restrict the TLS handshake signature hashes
    -- Generate fresh ephemeral keypairs for assisted submissions
    -- Escape spreadsheet formula prefixes in CSV exports
    -- Mask two-factor authentication and access code inputs
    -- Harden systemd service, AppArmor profile and Docker containers
    -- Bind high ports to loopback on Tor-only platforms
    -- Fail closed to Tor-only when web reachability is unknown
    -- Fix defanging of multiple URLs at once
  • Improve notification rendering of the {TipStatus} keyword
  • Improve upload time estimate formatting
  • Fix questionnaire and question template lists not refreshing
  • Perform lint fixes reported by the Ruff linter
  • Bump client dependencies to their latest stable versions
  • Update translations