v1.0.1 - Security Hardening & Code Quality

@mohsin-rafique mohsin-rafique released this 05 Apr 14:22
· 13 commits to master since this release

What's Changed

🔒 Security

  • Debug mode now controlled via .env — defaults to production-safe false
  • Session cookies hardened — secure and sameSite configurable via .env
  • Login rate limiting — max 5 failed attempts per IP per 15 minutes
  • Database credentials moved to .env — no hardcoded values in config/db.php
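
The login limit listed above (5 failed attempts per IP per 15 minutes) can be enforced with a sliding window, shown here as an added example that is not the project's own code. The class name `FailedLoginLimiter`, the in-memory storage and the sample IP addresses are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical class, not from the project. Storage is an in-memory array so
// the example runs stand-alone; a deployment needs a shared cache or database.
final class FailedLoginLimiter
{
    /** @var array<string, int[]> failure timestamps per client IP */
    private array $failures = [];

    public function __construct(
        private int $maxFailures = 5,     // limit stated in the release notes
        private int $windowSeconds = 900  // 15 minutes
    ) {}

    /** Drop timestamps that have aged out of the window. */
    private function prune(string $ip, int $now): void
    {
        $cutoff = $now - $this->windowSeconds;
        $this->failures[$ip] = array_values(array_filter(
            $this->failures[$ip] ?? [],
            static fn (int $t): bool => $t > $cutoff
        ));
    }

    /** True when this IP has used up its failures and must be refused. */
    public function isBlocked(string $ip, int $now): bool
    {
        $this->prune($ip, $now);
        return count($this->failures[$ip]) >= $this->maxFailures;
    }

    /** Record one failed attempt; call only after the credential check fails. */
    public function recordFailure(string $ip, int $now): void
    {
        $this->prune($ip, $now);
        $this->failures[$ip][] = $now;
    }
}

// Constructed scenario: 203.0.113.7 (documentation range) fails five times.
$limiter = new FailedLoginLimiter();
$t0 = 1_700_000_000;
for ($i = 0; $i < 5; $i++) {
    $limiter->recordFailure('203.0.113.7', $t0 + $i * 10);
}
var_dump($limiter->isBlocked('203.0.113.7', $t0 + 60));  // right after the fifth failure
var_dump($limiter->isBlocked('198.51.100.9', $t0 + 60)); // a different client IP
var_dump($limiter->isBlocked('203.0.113.7', $t0 + 901)); // first failure is now older than 15 minutes
```

Per-IP counting depends on the application seeing the real client address; behind a reverse proxy every request can appear to come from the proxy itself.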

🛠 Code Quality

  • PHP 8.1 type declarations added across all models, components, widgets and controllers
  • PHPDoc class-level and method-level comments added throughout (Yii2 standards)
  • Fixed BalanceHelper::getBalance() float cast for users with no transactions
  • Fixed ExpenseSearch / SignupForm / ChangePasswordForm — missing rules(): array was causing 500 error
  • Cleaned up Gii-generated noise from User model annotations

📄 Docs

  • README updated with .env setup instructions
  • Changelog section added
  • .env.example template added for self-hosted deployments

Upgrade Notes

If upgrading from v1.0.0:

  1. Copy .env.example to .env and fill in your database credentials
  2. Run php yii migrate (no new migrations in this release)