This release bundles security enhancements from v2.1.6 with the feature and bug fixes from the previously unreleased v2.1.5.
The security vulnerabilities were identified by GitHub's automated Dependabot and code scanning services.
What's New
The old DockFlare logo has been retired and replaced with a brand new animated version in the web UI. It's time to start thinking in tunnels ;)
Security (v2.1.6)
This release resolves several security issues to harden the application and its deployment pipeline.
- Dependency Vulnerability: Patched an outdated `brace-expansion` npm package by updating it to version 2.0.2, addressing a CVE related to inefficient regex.
- Path Injection: The `/help/<path:page>` route was hardened against path traversal attacks by implementing stricter path validation using `os.path.abspath`.
- Open Redirect: The login redirect mechanism was secured by validating the `next` parameter, preventing redirects to external, malicious sites.
- Information Exposure: Prevented the leakage of sensitive exception details and stack traces in API/JSON responses for the `/cloudflare-ping`, `/debug`, and `/api/v2/debug-info` endpoints.
- Insecure CI/CD Workflow: To adhere to the principle of least privilege, permissions for the GitHub Actions workflow have been explicitly restricted to `contents: read`.
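The path-traversal and open-redirect fixes above follow a common pattern in Flask-style apps. The following is an added illustration of that pattern, not DockFlare's own code: the documentation root, function names and the assumption that a rejected path becomes a 404 are all mine.

```python
import os
from urllib.parse import urlparse

# Hypothetical documentation root; DockFlare's real layout is not given in the notes.
HELP_ROOT = os.path.abspath("/app/docs")


def resolve_help_page(page: str, root: str = HELP_ROOT):
    """Map the <path:page> segment of /help/<path:page> to a file under root.

    Returns the absolute path, or None when the request would escape root
    (e.g. "../../etc/passwd" or an absolute path); the caller should answer
    such requests with a 404 rather than reading the file.
    """
    # os.path.abspath collapses ".." segments and yields an absolute path,
    # so the remaining check is simply "is the result still inside root?".
    candidate = os.path.abspath(os.path.join(root, page))
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


def is_safe_redirect(next_url: str) -> bool:
    """Accept only same-origin relative targets for the login ?next= parameter.

    Rejects absolute URLs (https://evil.example), scheme-relative URLs
    (//evil.example) and the backslash variant some browsers treat as "//".
    """
    if not next_url:
        return False
    parsed = urlparse(next_url)
    if parsed.scheme or parsed.netloc:
        return False
    # A single leading "/" keeps the target on this origin.
    return next_url.startswith("/") and not next_url.startswith(("//", "/\\"))


def safe_next(next_url: str, default: str = "/") -> str:
    """Return next_url if it passes validation, otherwise fall back to default."""
    return next_url if is_safe_redirect(next_url) else default
```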
Features & Fixes (from v2.1.5)
- New - Help Documentation: A comprehensive help section has been added to the web UI, providing users with easy access to documentation and guides.
- Fixed - Country Dropdown Menu: An issue where the country dropdown menu in the Access Group modal was limited to 50 entries has been resolved. Raised in #204; thank you @MattW for finding this bug.
- Fixed - UI Refinements: Various minor refinements were made to the web UI for improved usability and a more polished user experience.
How to Upgrade
- Pull the latest Docker image: `docker pull alplat/dockflare:stable`
- Restart your DockFlare container.
- Open the DockFlare UI in your browser.
As always, thank you for using DockFlare and for your feedback!
Cheers, Chris