Skip to content

v1.2.0

Latest
Latest

Choose a tag to compare

View all tags
@strongentropy strongentropy released this 31 May 07:23
· 46 commits to main since this release
v1.2.0
This tag was signed with the committer’s verified signature.
strongentropy
GPG key ID: 3263D1B87AAAFCD4
Verified
Learn about vigilant mode.
846eaf8
This commit was signed with the committer’s verified signature.
strongentropy
GPG key ID: 3263D1B87AAAFCD4
Verified
Learn about vigilant mode.

v1.2.0

New features

  • Visitor graph now includes OS (teal nodes) and device type (violet nodes) dimensions
    • OS detected from User-Agent: iOS, iPadOS, Android, ChromeOS, Windows, macOS, Linux
    • Device type sourced from Cloudflare runtime metadata (trusted, not attacker-controlled)

Security

  • parseOS() threat documented in THREAT_MODEL.md §3
  • jazzer.js fuzz target added for parseOS() — run in CI on every push
  • Fuzz coverage: ReDoS confirmed low-risk (simple literal regex patterns, no quantifier nesting)

Documentation

  • Public THREAT_MODEL.md updated to v1.2.0
  • Private threat model updated with residual risk and open items (admin repo)
  • README and SECURITY.md updated for v1.2.0

Signing key fingerprint: 3F1A A06D A8C5 8ACE F25B C882 3263 D1B8 7AAA FCD4

Verify: git tag -v v1.2.0

Assets 4
Loading