Highlights
Upgrade blocker fix for legacy v3.x SQLite databases. beta8 crashed on container launch for users upgrading from v3.x with SqliteError: foreign key mismatch - "neighbor_info" referencing "nodes" during migration 040. This release fixes the immediate crash and drops all remaining legacy nodes(nodeNum) FKs so the issue can't recur.
Bug Fixes
- fix(db): resolve 4.0-beta8 migration 040 crash on legacy v3.x SQLite DBs (#2761)
- Migration 040: wrap the NULL-sourceId neighbor purge in a
foreign_keys = OFFguard (matches migration 039's pattern). - Migrations 042/043/044: durable fix — rebuild
messages,neighbor_info, andtracerouteswithout the brokenREFERENCES nodes(nodeNum)FKs, so future DML on these tables no longer needs to toggle foreign keys.
- Migration 040: wrap the NULL-sourceId neighbor purge in a
Security
- security(codeql): PR 4 — medium severity + singleton findings (#2760)
- security: resolve 20 high-severity CodeQL alerts (PR 3) (#2759)
- security(codeql): PR 2 — critical fixes (SSRF, insecure PRNG, type confusion) (#2758)
- chore(codeql): scope scans to app code; dismiss 25 test/dev false positives (#2757)
Release
- chore: bump version to 4.0.0-beta9 (#2762)
Full Changelog: v4.0.0-beta8...v4.0.0-beta9
🚀 MeshMonitor v4.0.0-beta9
📦 Installation
Docker (recommended):
docker run -d \
--name meshmonitor \
-p 8080:3001 \
-v meshmonitor-data:/data \
ghcr.io/Yeraze/meshmonitor:4.0.0-beta9🧪 Testing
✅ All tests passed
✅ TypeScript checks passed
✅ Docker images built for linux/amd64, linux/arm64, linux/arm/v7
📋 Changes
See commit history for detailed changes.