v8.3.0 Release
This release includes several important features, security enhancements, and bug fixes.
🚀 New Features
Database Persistence for Geolocation and Benchmark Data
- Implemented persistent storage for geolocation service data in MongoDB, reducing redundant API calls when data is already available
- Added benchmark results storage in the database for improved data persistence and retrieval
- New database collections: `geolocation` and `benchmark`, configured in default settings
Designated User App Subscription Extension
- Added capability for designated users to extend app subscriptions on behalf of app owners
- New `usersToExtend` configuration allows specified addresses to sign expire-only updates
- Supports both standard and enterprise apps
- Includes `isExpireOnlyUpdate()` validation to ensure designated users can only modify expiration-related fields
Enhanced Host Info Service
- Added benchmark information to the host info service endpoint
- Provides more comprehensive node status data for network monitoring
🔒 Security Enhancements
Hardened Filesystem Path Validation
- Added symlink-aware path validation to prevent directory traversal attacks
- Implemented `verifyRealPath` and `verifyRealPathOfExistingPath` utilities from the `pathSecurity` module
- Enhanced path verification in:
  - File upload operations (`IOUtils.js`)
  - App folder queries (`fileQueryService.js`)
  - Rename and remove operations (`fileSystemManager.js`)
- Fixed edge cases in path checking logic
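
Why the symlink-aware check matters, as an added example that is not the project's own code: a purely lexical containment check accepts a path that passes through a symlink inside the base directory, while a check on the resolved real path rejects it. The helper names (`lexicalCheck`, `resolveInsideBase`) and the directory layout are assumptions made for illustration; the signatures of `verifyRealPath` and `verifyRealPathOfExistingPath` are not shown in these notes.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// True when candidate is base itself or lies underneath it.
function isInside(base, candidate) {
  const rel = path.relative(base, candidate);
  return rel !== '..' && !rel.startsWith('..' + path.sep) && !path.isAbsolute(rel);
}

// Lexical check: normalizes ".." but never consults the disk, so a symlink
// inside the base that points elsewhere is accepted.
function lexicalCheck(base, userPath) {
  return isInside(path.resolve(base), path.resolve(base, userPath));
}

// Symlink-aware check (hypothetical helper). Resolves the deepest existing
// ancestor with realpath, re-appends the not-yet-created tail, and compares
// the result with the real path of the base. Returns the real path or throws.
function resolveInsideBase(base, userPath) {
  const realBase = fs.realpathSync(base);
  let existing = path.resolve(realBase, userPath);
  const tail = [];
  // lstat does not follow a final symlink, so a dangling link counts as
  // existing here and is then rejected when realpathSync fails on it.
  while (!fs.lstatSync(existing, { throwIfNoEntry: false })) {
    tail.unshift(path.basename(existing));
    existing = path.dirname(existing);
  }
  const real = path.join(fs.realpathSync(existing), ...tail);
  if (!isInside(realBase, real)) throw new Error(`path escapes base: ${userPath}`);
  return real;
}

// Constructed layout: <tmp>/appdata is the base, appdata/link -> <tmp>/outside.
function demo() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'pathcheck-'));
  const base = path.join(root, 'appdata');
  fs.mkdirSync(base);
  fs.mkdirSync(path.join(root, 'outside'));
  fs.symlinkSync(path.join(root, 'outside'), path.join(base, 'link'), 'dir');
  const ok = (p) => { try { resolveInsideBase(base, p); return true; } catch { return false; } };
  const result = { lexicalSymlink: lexicalCheck(base, 'link/new.txt'),
    realSymlink: ok('link/new.txt'), realNormal: ok('uploads/new.txt'),
    realDotDot: ok('../outside/x') };
  fs.rmSync(root, { recursive: true, force: true });
  return result;
}
```

The check and the later file operation are separate steps, so the caller should pass the returned real path, not the original string, to the file call.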
🐛 Bug Fixes
Enterprise v8 Apps Renewal Price Calculation
- Fixed renewal price calculation for v8 enterprise apps
- Added proper decryption of encrypted specifications before price calculation
⚡ Performance Improvements
- Reduced redundant geolocation update calls when data is already cached
- Converted geolocation functions to async/await pattern for better performance and consistency
📁 Files Changed (25 files, +594 −89)
Core Services:
- `ZelBack/config/default.js` - New collection configs and usersToExtend list
- `ZelBack/src/services/IOUtils.js` - Path verification in file uploads
- `ZelBack/src/services/appLifecycle/appInstaller.js` - Async geolocation checks
- `ZelBack/src/services/appLifecycle/appSpawner.js` - Async geolocation calls
- `ZelBack/src/services/appMessaging/messageVerifier.js` - Designated user extension support
- `ZelBack/src/services/appQuery/fileQueryService.js` - Path traversal prevention
- `ZelBack/src/services/appRequirements/hwRequirements.js` - Async geolocation functions
- `ZelBack/src/services/appSystem/fileSystemManager.js` - Symlink-aware validation
- `ZelBack/src/services/appSystem/systemIntegration.js` - Async geolocation support
Configuration:
- `package.json` - Version bump to 8.3.0
Tests:
- Multiple test files updated to accommodate async function changes