v0.15.5 — Bugfix: Security, Config Dedup, Code Dedup
Fixes
🔴 #2 — Security: eval() in CSV Import
Replaced eval() with ast.literal_eval() in apex_csv_import.py. The old code could execute arbitrary Python from CSV column headers — a potential code injection vector.
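The difference between the two calls, as an added example (not the project's code from apex_csv_import.py): the header-cell format, the function names and the CANARY marker are assumptions made for illustration.

```python
import ast
import csv
import io

CANARY = []          # constructed marker: filled only if a header cell is executed
MAX_CELL_LEN = 256   # assumption: real header cells are short


def parse_cell_eval(cell):
    """Pre-fix pattern (hypothetical reconstruction): evaluates the cell as code."""
    return eval(cell)


def parse_cell_literal(cell):
    """Post-fix pattern: accept Python literals only, fall back to plain text."""
    text = cell.strip()
    if len(text) > MAX_CELL_LEN:
        raise ValueError("header cell too long")
    try:
        return ast.literal_eval(text)
    except (ValueError, SyntaxError):
        return text  # names, calls, attribute access: kept as data, never run


def read_header(csv_text, parse):
    """Parse the first CSV row with the given cell parser."""
    row = next(csv.reader(io.StringIO(csv_text)))
    return [parse(cell) for cell in row]


# Constructed sample: two literal cells and one cell holding a harmless call.
SAMPLE = '''"('Tmp', 'degF')",42,"CANARY.append('ran')"\n'''

if __name__ == "__main__":
    print(read_header(SAMPLE, parse_cell_literal), CANARY)
```

ast.literal_eval() raises ValueError for any node that is not a literal, so the fallback branch is what keeps such a cell as inert text.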
🔴 #3 — Duplicate Config Files
- apex-config.yaml now officially deprecated with banner pointing to reef_config.yaml
- Log warning added when legacy config is loaded at runtime
- Default InfluxDB org synced: "apex" → "my_reef" in reef_core.py
- All docs updated to reference reef_config.yaml
🔴 #4 — Massive Code Duplication
Extracted NOTE_TYPES, REASON_TITLES, and note_to_points() into a shared scripts/apex_notes.py module. Removed ~260 lines of duplicated constants and functions from 3 files.
Files Changed
- 10 files modified, 1 new (scripts/apex_notes.py)
- -261 lines removed, +169 lines added
- Net codebase reduction: 92 lines
Docker Fix (post-release)
- Cron container was missing requests and curl — Fusion login fell through to the curl subprocess fallback and crashed with FileNotFoundError. Tank notes were never syncing. Fixed by adding both to Dockerfile.cron.
- The collector container was unaffected (uses stdlib urllib).
- If you built v0.15.5 images before this fix: rebuild apex-cron and recreate the container. Existing users with requests already installed from other deps may not hit this.