v0.1.4 — Payload Transformation & Multi-arch

@voyvodka voyvodka released this 05 May 09:14
· 116 commits to main since this release
4fcaf22

WebhookEngine v0.1.4

ADR-003 (payload transformation) shipped end-to-end, OpenAPI/Scalar reference surface, NuGet brand icon, Docker Hub overview sync, and the multi-arch image (linux/amd64 + linux/arm64). Alpine base layers refreshed to clear 7 of the 11 Docker Scout CVEs against v0.1.3.

Added

  • Payload transformation (ADR-003) — full rollout: per-endpoint JMESPath expressions reshape the body before signing and POSTing. Schema (Phase 1), delivery integration with timeout + output-size guards (Phase 2), and a CodeMirror 6-powered dashboard editor with live POST /api/v1/dashboard/transform/validate preview (Phase 3). Fail-open contract — any error falls back to the original payload.
  • OpenAPI document + Scalar interactive reference: /openapi/v1.json + /scalar UI, mapped only in Development and Staging.
  • NuGet brand icon: WebhookEngine.Sdk now ships with the project mark embedded.
  • Docker Hub overview sync: the GitHub README is now synced into the Docker Hub repository overview tab on every release.
  • Security automations: CodeQL (csharp + js-ts), Dependency Review, Dependabot for NuGet/npm/GitHub Actions/Docker base images.

Fixed

  • Multi-architecture Docker image: linux/amd64 + linux/arm64 manifest list. Previous releases were amd64-only — Apple Silicon Macs and arm64 Linux servers can now docker pull cleanly.
  • Removed phantom unknown / unknown row on Docker Hub: provenance + SBOM attestations explicitly disabled so the tag listing shows only the real platforms.

Security

  • Alpine base image refresh: openssl/libcrypto3/libssl3 3.5.5-r0 → 3.5.6-r0 (1 critical + 5 high CVEs cleared) and musl 1.2.5-r21 → 1.2.5-r23 (1 high CVE cleared) via Docker Scout. All Dockerfile FROMs now SHA-pinned for Dependabot tracking.
  • Log-forging hardening: the JMESPath transformer now sanitizes user-supplied expressions before logging (4 cs/log-forging alerts resolved). LogSanitizer moved to WebhookEngine.Core.Utilities so both API and Infrastructure can consume it.
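
An added illustration of the log-forging hardening described in the last item, showing how a user-supplied JMESPath expression can be neutralized before it reaches a log line. This is not the project's LogSanitizer, whose implementation is not shown in these notes; the class name ExampleLogSanitizer, the 256-character cap, the log message format and the sample expression are assumptions.

```csharp
using System;
using System.Text;

// Hypothetical helper for illustration; not WebhookEngine's LogSanitizer.
public static class ExampleLogSanitizer
{
    private const int MaxLength = 256; // assumed cap on logged user input

    public static string Sanitize(string value)
    {
        if (string.IsNullOrEmpty(value)) return string.Empty;

        var sb = new StringBuilder(Math.Min(value.Length, MaxLength) + 16);
        foreach (char c in value)
        {
            // Bound the size so one request cannot flood the log.
            if (sb.Length >= MaxLength) { sb.Append("...[truncated]"); break; }

            if (c == '\\')
                sb.Append("\\\\"); // keep the escaping unambiguous for readers
            else if (char.IsControl(c) || c == '\u2028' || c == '\u2029')
                // CR, LF, TAB, ESC and Unicode line/paragraph separators become
                // visible \uXXXX text, so the entry stays on a single line.
                sb.Append("\\u").Append(((int)c).ToString("x4"));
            else
                sb.Append(c);
        }
        return sb.ToString();
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed input: an expression carrying CRLF plus a fake log entry.
        string expr = "data.items[0]\r\n2025-01-01 00:00:00 [INF] Endpoint deleted by admin";

        // The sanitized value is logged as one line containing \u000d\u000a
        // instead of starting a second, forged entry.
        Console.WriteLine(
            "[WRN] Transform failed, using original payload. Expression: \"" +
            ExampleLogSanitizer.Sanitize(expr) + "\"");
    }
}
```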

Changed

  • Frontend toolchain: dashboard package manager migrated from Yarn to Bun 1.2+.

Removed

  • WebhookEngine.Application project: empty since the CQRS scaffold removal in v0.1.0; cleaned up across the solution and ADR-002.

Quick Start

docker pull voyvodka/webhook-engine:0.1.4   # amd64 + arm64
# or
docker pull voyvodka/webhook-engine:latest

cd docker && docker compose up -d

Links