Skip to content

11.0.283

Latest
Latest

Choose a tag to compare

View all tags
@adubovikov adubovikov released this 25 Jun 09:38
· 2 commits to homer11 since this release
11.0.283
5e90809
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Security release

This release closes three coordinator security advisories. See docs/SECURITY.md for upgrade notes.

Fixes

  • GHSA-f46q-3v67-fmm4 — validate rawquery in POST /api/v4/statistics/query (read-only SQL only) (#837)
  • GHSA-6xp5-7rcx-xfgx — remove hardcoded default admin password sipcapture; random bootstrap password when hash omitted (#838)
  • GHSA-rqcc-94gv-wjm9 — enforce JWT on protected routes when coordinator.jwt.secret is empty; auto-persist .homer_jwt_secret (#839)

Documentation

Upgrade notes

  • Docker Compose (examples/docker/) with explicit JWT_SECRET and ADMIN_PASSWORD_HASH — no credential changes.
  • Empty JWT secret — API now requires authentication; check coordinator logs for jwt_secret_file.
  • Fresh install without admin hash — bootstrap password logged once at startup.

Full Changelog: 11.0.281...11.0.283

Assets 8
Loading