v0.5.3 - Bugfixes

@ulsklyc ulsklyc released this 03 Apr 07:22

Full Changelog: v0.5.2...v0.5.3

fix(security): address multiple security findings from audit

  • Fix SQLCipher PRAGMA key interpolation (hex-encode key to prevent crash on single quotes)
  • Enforce min password length (8 chars) on admin user creation
  • Add length bounds on username/display_name and login inputs
  • Invalidate other sessions on password change
  • Multi-stage Docker build (exclude build tools from runtime)
  • Exclude docs/ from Docker image
  • Consolidate dotenv.config() to single entry point
  • Document flat family authorization model in SECURITY.md