Skip to content

v0.15.5 — Bugfix: Security, Config Dedup, Code Dedup

Choose a tag to compare

@niveknow niveknow released this 21 Jun 14:34

Fixes

🔴 #2 — Security: eval() in CSV Import

Replaced eval() with ast.literal_eval() in apex_csv_import.py. The old code could execute arbitrary Python from CSV column headers — a potential code injection vector.

🔴 #3 — Duplicate Config Files

  • apex-config.yaml now officially deprecated with banner pointing to reef_config.yaml
  • Log warning added when legacy config is loaded at runtime
  • Default InfluxDB org synced: "apex""my_reef" in reef_core.py
  • All docs updated to reference reef_config.yaml

🔴 #4 — Massive Code Duplication

Extracted NOTE_TYPES, REASON_TITLES, and note_to_points() into a shared scripts/apex_notes.py module. Removed ~260 lines of duplicated constants and functions from 3 files.

Files Changed

  • 10 files modified, 1 new (scripts/apex_notes.py)
  • -261 lines removed, +169 lines added
  • Net codebase reduction: 92 lines

Docker Fix (post-release)

  • Cron container was missing requests and curl — Fusion login fell through to the curl subprocess fallback and crashed with FileNotFoundError. Tank notes were never syncing. Fixed by adding both to Dockerfile.cron.
  • The collector container was unaffected (uses stdlib urllib).
  • If you built v0.15.5 images before this fix: rebuild apex-cron and recreate the container. Existing users with requests already installed from other deps may not hit this.