Releases: strongentropy/strongentropy.github.io

v1.2.0

31 May 07:23
v1.2.0
846eaf8

New features

  • Visitor graph now includes OS (teal nodes) and device type (violet nodes) dimensions
    • OS detected from User-Agent: iOS, iPadOS, Android, ChromeOS, Windows, macOS, Linux
    • Device type sourced from Cloudflare runtime metadata (trusted, not attacker-controlled)

Security

  • parseOS() threat documented in THREAT_MODEL.md §3
  • jazzer.js fuzz target added for parseOS() — run in CI on every push
  • Fuzz coverage: ReDoS confirmed low-risk (simple literal regex patterns, no quantifier nesting)
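
The OS detection described in these notes can be sketched as an ordered list of literal patterns. This is an added example, not the project's own parseOS(): the rule table, the "Unknown" fallback, the sample User-Agent strings, and reusing the 512-character cap that the v1.1.0 notes describe for logVisit() are all assumptions.

```javascript
// Added example: a hypothetical parseOS(), not the project's implementation.
const MAX_UA_LEN = 512; // assumed: same cap v1.1.0 describes for logVisit()

// First match wins, so specific tokens must precede the generic tokens
// that the same User-Agent strings also carry.
const OS_RULES = [
  ["iPadOS", /iPad/],               // iPad UAs also contain "Mac OS X"
  ["iOS", /iPhone|iPod/],           // these also contain "like Mac OS X"
  ["Android", /Android/],           // Android UAs also contain "Linux"
  ["ChromeOS", /CrOS/],
  ["Windows", /Windows/],
  ["macOS", /Macintosh|Mac OS X/],
  ["Linux", /Linux/],
];

// Returns one of the seven OS labels, or "Unknown" (an assumed fallback).
// Patterns are plain literals and alternations with no quantifiers, so
// matching is linear in the (capped) input length.
function parseOS(userAgent) {
  if (typeof userAgent !== "string") return "Unknown";
  const ua = userAgent.slice(0, MAX_UA_LEN); // bound work on crafted headers
  for (const [name, pattern] of OS_RULES) {
    if (pattern.test(ua)) return name;
  }
  return "Unknown";
}

// Constructed sample User-Agent strings (shortened, for illustration only).
const SAMPLES = [
  "Mozilla/5.0 (iPad; CPU OS 16_6 like Mac OS X) AppleWebKit/605.1.15",
  "Mozilla/5.0 (iPhone; CPU iPhone OS 16_6 like Mac OS X) AppleWebKit/605.1.15",
  "Mozilla/5.0 (Linux; Android 13; Pixel 7) AppleWebKit/537.36",
  "Mozilla/5.0 (X11; CrOS x86_64 14541.0.0) AppleWebKit/537.36",
  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36",
  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15",
  "Mozilla/5.0 (X11; Linux x86_64) Gecko/20100101 Firefox/126.0",
  "x".repeat(600) + " Windows NT 10.0", // OS token lies past the cap
];

function classifySamples() {
  return SAMPLES.map((ua) => parseOS(ua));
}

console.log(classifySamples().join(", "));
```

Because the value comes from a client-supplied header, the result is a display label only and should not feed any access decision.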

Documentation

  • Public THREAT_MODEL.md updated to v1.2.0
  • Private threat model updated with residual risk and open items (admin repo)
  • README and SECURITY.md updated for v1.2.0

Signing key fingerprint: `3F1A A06D A8C5 8ACE F25B C882 3263 D1B8 7AAA FCD4`

Verify: `git tag -v v1.2.0`

v1.1.0

31 May 04:19
v1.1.0
5904b54

What's changed

Security

  • Migrated worker from npm to pnpm — strict symlinked store prevents phantom dependency access
  • Added explicit 512-char cap on User-Agent and Referer in logVisit() to prevent KV bloat from crafted headers

CI/CD

  • pnpm/action-setup@v4 added to all workflows; package-lock.json → pnpm-lock.yaml
  • SBOM generation migrated from npm sbom to @cyclonedx/cyclonedx-npm
  • Fuzz targets updated to use pnpm exec jazzer

Documentation

  • README and SECURITY.md reorganized for logical flow
  • Full threat model (including residual risks) moved to private admin repo; public version retains architecture, trust boundaries, and mitigations
  • All OSPS Baseline criteria documented

Signing key

Fingerprint: `3F1A A06D A8C5 8ACE F25B C882 3263 D1B8 7AAA FCD4`

Verify: `git tag -v v1.1.0`

v1.0.0

31 May 02:58
v1.0.0
43806ec

Strong Entropy — v1.0.0

Initial public release of the strongentropy.com infrastructure.

What's included

Site

  • Static site hosted on GitHub Pages, proxied through Cloudflare Worker
  • Mobile-responsive dark design with self-hosted fonts and assets
  • GPG public key, security policy, contact info

Visitor Graph (/graph/)

  • Protected D3 force-directed graph of visitor metadata
  • Backed by Cloudflare KV with daily flush to private GitHub log repo
  • Node types: IP, country, city, ASN, org, UA, path, referrer
  • Search, filter, focus, and detail panel

Security

  • HTTP Basic Auth with timing-safe comparison
  • Rate limiting via Cloudflare KV
  • Strict CSP, HSTS, signed commits, branch protection, required status checks
  • CI: CodeQL SAST, jazzer.js fuzzing (4 targets), npm audit, OpenSSF Scorecard
  • All GitHub Actions pinned to commit SHAs

License

Source code (worker/src/, assets/js/) — MIT
Content, design, branding — All Rights Reserved, Strong Entropy LLC

This tag is signed with GPG key 3F1A A06D A8C5 8ACE F25B C882 3263 D1B8 7AAA FCD4.