v1.9.3 - XSS Hardening and Dependency Updates

@yellowcooln yellowcooln released this 09 Jun 00:32
· 2 commits to main since this release
1ee41ea

This release focuses on security hardening and dependency maintenance.

Security

  • Fixed issue #74 by hardening frontend rendering against stored-XSS style payloads from untrusted MeshCore/MQTT fields.
  • Node names, peer names, route labels, search results, permanent labels, node popups, Peers rows, Route Details, History popups, and Coverage popups now escape displayed HTML before rendering.
  • Map behavior is unchanged: public keys, coordinates, QR payloads, copy actions, route handling, peer selection, and filters continue using the original data.
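The pattern described above, escaping at the display sink while leaving the underlying data untouched, as an added example that is not the project's own code. The function names, node fields and sample nodes are hypothetical and constructed for illustration.

```javascript
// Added example: all names and sample data are hypothetical, not from the project.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Escape a value for use in HTML text content or a quoted attribute.
// A single pass over the input avoids double-escaping the "&" of an entity.
function escapeHtml(value) {
  return String(value ?? "").replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build popup markup for a node. Only the strings placed into HTML are
// escaped; the node object itself is never modified.
function renderNodePopup(node) {
  const key = String(node.publicKey ?? "");
  return (
    '<div class="node-popup">' +
    `<strong>${escapeHtml(node.name)}</strong>` +
    `<span class="key" title="${escapeHtml(key)}">${escapeHtml(key.slice(0, 8))}</span>` +
    "</div>"
  );
}

// Copy actions keep using the original, unescaped value.
function copyPayload(node) {
  return node.publicKey;
}

// Search matches against the raw name and returns an escaped label for display.
function searchNodes(nodes, query) {
  const q = query.toLowerCase();
  return nodes
    .filter((n) => String(n.name ?? "").toLowerCase().includes(q))
    .map((n) => ({ node: n, labelHtml: escapeHtml(n.name) }));
}

// Constructed sample input: node names as they might arrive from an untrusted feed.
const sampleNodes = [
  { name: 'Repeater <img src=x onerror="alert(1)">', publicKey: "a1b2c3d4e5f60718" },
  { name: "Tom & Jerry's node", publicKey: "0011223344556677" },
];
```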

Maintenance

  • Updated backend dependencies:
    • fastapi==0.136.3
    • uvicorn[standard]==0.49.0
    • httpx==0.28.1
  • Added httpx2==2.3.0 for dev tests so FastAPI/Starlette TestClient runs without the deprecated-httpx warning.

Testing

  • 98 passed, 2 skipped

What's Changed

  • Harden frontend rendering and update to release version 1.9.3 by @yellowcooln in #75

Full Changelog: v1.9.2...v.1.9.3