Highlights
- Licensing model — Bastillion now runs unlicensed at up to 5 registered systems.
Paid tiers (Starter/Team/Business) raise the cap; a.licfile is supplied via the
LICENSE_KEYenv var orlicenseKeyinBastillionConfig.properties. New
LicenseUtilvalidates the license, enforces the system cap, and surfaces
licensee/expiry info (with a 90-day pre-expiry warning) under Settings. - Self-contained jar — the app now runs as
java -jarwith an embedded Jetty
server and HTTPS out of the box (newio.bastillion.Main), instead of requiring a
separate servlet container distribution. - Upgraded to Java 21 and Jakarta EE 11, with dependency updates across the board.
- Full Ed25519 (default) and Ed448 SSH key support.
- v4 → v5 migration tool (
tools/migrate) — a standalone export/import utility
that moves users, systems, profiles, scripts, public keys, audit logs, and the
Bastillion application SSH key/identity from a v4 H2 database into a fresh v5
instance, re-encrypting secrets under the new instance's keystore. See
tools/migrate/README.mdfor the full procedure.
Security
- New
SecurityHeadersFilteradds hardened response headers app-wide. - New
CSRFFilter(part of the bundled MVC framework) protects state-changing
requests. - Session cookies now set
securein addition to the existinghttp-only. EncryptionUtilandKeyStoreUtilwere reworked;AuthDB/password verification
now supports the newer PBKDF2 hash format alongside the legacy single-round
SHA-256 formats (including v4's own concatenation scheme), so users can migrate
and log in with existing passwords unchanged.
Internal / build
- The previously external
io.bastillion:lmvcframework dependency is now merged
directly into the codebase asloophole.mvc, so the whole app builds from one
pom.xml. - Added unit test coverage:
AppConfigTest,EncryptionUtilTest,LicenseUtilTest,
and new tests for theloophole.mvcframework (dispatcher, base controller, CSRF
and security filters). - CI (
.github/workflows/github-build.yml) now runs the build/test on every push
and pull request, in addition to the existing hourly schedule — previously it
only ran on cron, so commits weren't verified until the next scheduled run. - README overhauled with an updated feature walkthrough, licensing section, and
screenshots.
Upgrading from v4
Use tools/migrate to bring your data forward — see tools/migrate/README.md.
Password hashes migrate as-is; existing users can log in immediately without a
reset.