github ChrispyBacon-dev/DockFlare v2.0.4
DockFlare v2.0.4 - Security Hardening Release

28 days ago

Hello everyone,

This release, DockFlare v2.0.4, is a dedicated security hardening release.

There's a bit of a story behind this version. I had previously released v2.0.5, which included a new login form. Unfortunately, this new form introduced some breaking changes, and I had to make the tough decision to roll back to v2.0.1.

I've now reintroduced the security enhancements from that release into this new version, v2.0.4. The improved login form that was part of v2.0.5 requires more testing in the unstable branch and will be released in a future version once it's fully stable.

A special thanks to GitHub user @bcurran3 for highlighting some of these security concerns in issue #161, and to Reddit user t2_hur2hqu6k for their valuable feedback. Community contributions like these are invaluable in making DockFlare better and more secure for everyone.


What's New in v2.0.4 - Security Hardening

This release focuses on significant security enhancements to the DockFlare application, improving its resilience against common web vulnerabilities and increasing overall stability.

Security Enhancements

  • CSRF Protection: To prevent Cross-Site Request Forgery (CSRF) attacks, all forms in the web UI are now protected with anti-CSRF tokens. This ensures that all state-changing requests are legitimate and originate from the application's own interface.
  • Strengthened Content Security Policy (CSP): The CSP has been made more restrictive to mitigate the risk of Cross-Site Scripting (XSS) and other injection attacks. This helps to ensure that only trusted sources for scripts, styles, and other assets are allowed.
  • Pinned Dependencies: All Python dependencies in requirements.txt are now pinned to specific, stable versions. This enhances build reliability, ensures consistent deployments, and helps prevent potential supply-chain attacks by avoiding unexpected package updates.
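As an added illustration of the three measures above (this is example code, not DockFlare's own implementation, and it does not depend on the app's web framework): a session-bound anti-CSRF token checked in constant time, a restrictive CSP header built from an explicit allow-list, and a check that every entry in a requirements file is pinned with `==`. The directive values and the requirements text are constructed for the example.

```python
import hashlib
import hmac
import secrets

# Constructed for the example; a real deployment loads this from configuration.
SERVER_SECRET = secrets.token_bytes(32)


def make_csrf_token(session_id):
    """Bind a random nonce to the session with an HMAC. A cross-site page can
    make the browser send cookies, but it cannot read or compute this value."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id, token):
    """Reject a missing, malformed, tampered, or other-session token."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)  # constant-time comparison


# Allow-list policy (assumed values): no inline scripts, no plugins, no framing.
CSP_POLICY = {
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "style-src": ["'self'"],
    "img-src": ["'self'", "data:"],
    "object-src": ["'none'"],
    "frame-ancestors": ["'none'"],
    "base-uri": ["'self'"],
    "form-action": ["'self'"],
}


def build_csp_header(policy=CSP_POLICY):
    """Serialise the policy into a Content-Security-Policy header value."""
    return "; ".join(f"{directive} {' '.join(sources)}" for directive, sources in policy.items())


def unpinned_requirements(text):
    """Return requirement lines that are not pinned to an exact version."""
    unpinned = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blanks
        if not line or line.startswith("-"):  # skip pip options such as -r / --index-url
            continue
        if "==" not in line:
            unpinned.append(line)
    return unpinned
```

An exact version pin stops silent upgrades but does not verify package contents; pip's `--require-hashes` mode, with a hash recorded per requirement, adds that check.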

I wanted to get these important security fixes out to you as soon as possible. The password-protected login form will be coming in a future release after it has been more thoroughly tested.

Thank you for your understanding and for your continued support in making DockFlare secure.

Cheers,
Chris
