Releases: omergrossman/principe-oss

v1.0.1 — security hardening + ops

22 Jun 17:59
0f3776a

Patch release on top of v1.0.0.

Security

  • NewsBell: news bodies sanitized with DOMPurify (+ anchor hardening) — stored-XSS hardening.
  • fetch.ts SSRF guard now pins the TCP connection to the pre-validated IP via an undici dispatcher, closing the DNS-rebinding window (per-hop, TLS-SNI preserved).
  • Marketing site: added CSP + X-Frame-Options + HSTS + Permissions-Policy, removed the wildcard CORS, and collapsed the two Turnstile widgets into one invisible shared check.
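
The DNS-pinning idea from the fetch.ts item above, as an added example in plain JavaScript that is not principe-oss code: every resolved address is validated once, and the socket layer is then given a lookup function that returns only that address. The function names, the IPv4-only blocklist and the constructed rebinding resolver are assumptions for illustration.

```javascript
// Added example, not principe-oss code; all names here are hypothetical.
function ipv4ToInt(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  if (!m) return null;
  const o = m.slice(1).map(Number);
  if (o.some((n) => n > 255)) return null;
  return ((o[0] << 24) | (o[1] << 16) | (o[2] << 8) | o[3]) >>> 0;
}

// Non-routable IPv4 ranges as [base, prefix length]; an assumed, minimal list.
const BLOCKED_V4 = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['100.64.0.0', 10], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16], ['224.0.0.0', 3],
];

function isBlocked(ip) {
  const n = ipv4ToInt(ip);
  if (n === null) return true; // fail closed: IPv6 or unparsable input is refused
  return BLOCKED_V4.some(([base, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((n & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
  });
}

// Validate each resolved address once, then return a Node-style lookup() pinned to
// it; with undici it would be wired as new Agent({ connect: { lookup } }).
function pinnedLookup(resolved) {
  if (resolved.length === 0) throw new Error('no addresses resolved');
  const bad = resolved.find((ip) => isBlocked(ip));
  if (bad !== undefined) throw new Error(`blocked address: ${bad}`);
  const pinned = resolved[0];
  return function lookup(_hostname, options, callback) {
    if (options && options.all) callback(null, [{ address: pinned, family: 4 }]);
    else callback(null, pinned, 4);
  };
}

// Constructed rebinding resolver: first answer is public, later ones are loopback.
function makeRebindingResolver() {
  let calls = 0;
  return () => (calls++ === 0 ? ['203.0.113.10'] : ['127.0.0.1']);
}
function demo() {
  const resolve = makeRebindingResolver();
  const lookup = pinnedLookup(resolve('feed.example')); // check-time resolution
  let pinnedAddr;
  lookup('feed.example', {}, (_err, addr) => { pinnedAddr = addr; });
  return { pinnedAddr, unpinnedAddr: resolve('feed.example')[0] }; // second lookup rebinds
}
```

Because only the lookup is replaced, the request keeps its hostname, so TLS SNI and certificate verification still use the name; each redirect hop needs its own resolve, validate and pin pass.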

Ops

  • bin/stop.sh — clean stack shutdown before update/rebuild (data preserved; reports/clears a stray port holder, Colima-aware).

Other

  • In-app version display now reads v1.0.1.
  • Leg-2 calibration baseline recomputed from 12 CISO survey responses.