GyroidVault v1.0.2 - Security Hardening & Stability Fixes
This release focuses on hardening application security for public instances, improving database reliability, and introducing robust client-side and server-side file validations.
🔒 Security Enhancements
- Double Extension Protection: Implemented strict checks against double extensions and dangerous intermediate extensions (e.g., `.js.stl`, `.exe.png`) during file uploads to prevent script execution vulnerabilities.
- Minimized JWT Payload: Removed sensitive user information (`username` and `email`) from the JWT payload to comply with privacy best practices.
- Password Strength Policies: Enforced password strength requirements (minimum 8 characters, requiring both letters and numbers) for registration, password reset, and profile updates.
- Path Leakage Prevention: Removed the physical "Copy File Path" feature from the frontend for all users to prevent internal directory structures and absolute system paths from leaking.
- Modernized Clipboard Operations: Replaced the deprecated `document.execCommand('copy')` with the modern `navigator.clipboard` API, complete with a robust legacy fallback for non-HTTPS environments.
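As an added illustration of the double-extension check described above (example code, not GyroidVault's own; the allowed and dangerous extension lists are assumptions for this example):

```javascript
// Added example, not GyroidVault's own code: a server-side filename check of the
// kind described under "Double Extension Protection". The allow and deny lists
// below are assumptions for illustration, not the project's real lists.
const ALLOWED_FINAL_EXTENSIONS = new Set(['stl', 'obj', '3mf', 'gcode', 'png', 'jpg', 'jpeg']);
const DANGEROUS_EXTENSIONS = new Set([
  'js', 'mjs', 'exe', 'dll', 'bat', 'cmd', 'sh', 'php', 'html', 'htm', 'svg', 'jar', 'py',
]);

// Returns { ok: true, name } for an acceptable name, or { ok: false, reason }.
function validateUploadName(filename) {
  if (typeof filename !== 'string') return { ok: false, reason: 'not a string' };
  // Control characters (including NUL) never belong in a filename and can hide
  // the real extension from naive parsers, so reject them outright.
  if (/[\x00-\x1f\x7f]/.test(filename)) return { ok: false, reason: 'control character in name' };
  // Keep only the last path segment; a client may send "dir/evil.js.stl".
  const base = filename.split(/[\\/]/).pop().trim().toLowerCase();
  if (base === '' || base.startsWith('.')) return { ok: false, reason: 'empty or hidden name' };
  const segments = base.split('.');
  if (segments.length < 2 || segments[segments.length - 1] === '') {
    return { ok: false, reason: 'missing extension' };
  }
  const exts = segments.slice(1);          // every dot-separated part after the stem
  const finalExt = exts[exts.length - 1];
  const intermediate = exts.slice(0, -1);  // e.g. ['js'] for "model.js.stl"
  const bad = intermediate.find((e) => DANGEROUS_EXTENSIONS.has(e));
  if (bad) return { ok: false, reason: `dangerous intermediate extension .${bad}` };
  // Strict policy: any double extension is rejected, even a harmless-looking one.
  if (intermediate.length > 0) return { ok: false, reason: `double extension .${exts.join('.')}` };
  if (!ALLOWED_FINAL_EXTENSIONS.has(finalExt)) {
    return { ok: false, reason: `extension .${finalExt} not allowed` };
  }
  return { ok: true, name: base };
}

// Constructed sample names covering the cases the release notes call out.
const SAMPLES = ['benchy.stl', 'payload.js.stl', 'icon.exe.png', 'archive.tar.gz', 'README', 'dir/x.sh'];
for (const n of SAMPLES) console.log(n, '->', JSON.stringify(validateUploadName(n)));
```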
💾 Database & Reliability
- Database Write Safety: Wrapped disk-sync routines (`saveDb()`) in try-catch blocks to prevent critical server crashes in the event of filesystem write failures.
- Cleaned Schema Definitions: Removed a duplicate `print_history` table definition in the database initializer.
📤 File Management
- Client-Side Upload Validation: Introduced frontend checks that block file selections exceeding the 500MB limit before upload transmission begins, saving bandwidth and improving user experience.