Features:
- Add per-visitor rate limit on new topic creations (`visitor-topic-creation-limit-burst`/`visitor-topic-creation-limit-replenish`, defaults 100 burst / 1m replenish) to mitigate topic-enumeration / squatting attacks that inflate the in-memory topic map
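
How a per-visitor token bucket with these defaults bounds topic-map growth, as an added example that is not the project's own code. The names `TopicLimiter`, `Allow` and `TopicCount`, keying visitors by IP, and reading "replenish" as one token restored per interval are assumptions.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

type bucket struct { // one visitor's remaining topic-creation tokens
	tokens float64
	last   time.Time
}

// TopicLimiter is a hypothetical stand-in for the server's per-visitor limit.
type TopicLimiter struct {
	burst     float64             // maximum tokens a visitor can hold
	replenish time.Duration       // assumed: one token restored per interval
	visitors  map[string]*bucket  // keyed by a visitor id such as the client IP
	topics    map[string]struct{} // stand-in for the in-memory topic map
}

func NewTopicLimiter(burst int, replenish time.Duration) *TopicLimiter {
	return &TopicLimiter{float64(burst), replenish, map[string]*bucket{}, map[string]struct{}{}}
}

// Allow reports whether visitor may use topic at time now, creating it if needed.
func (l *TopicLimiter) Allow(visitor, topic string, now time.Time) bool {
	if _, exists := l.topics[topic]; exists {
		return true // existing topics cost no creation budget
	}
	b, seen := l.visitors[visitor]
	if !seen {
		b = &bucket{l.burst, now}
		l.visitors[visitor] = b
	}
	b.tokens = math.Min(l.burst, b.tokens+float64(now.Sub(b.last))/float64(l.replenish))
	b.last = now
	if b.tokens < 1 {
		return false // rejected before the topic map can grow
	}
	b.tokens--
	l.topics[topic] = struct{}{}
	return true
}

func (l *TopicLimiter) TopicCount() int { return len(l.topics) }

func main() {
	l := NewTopicLimiter(100, time.Minute) // the defaults stated above
	fmt.Println(l.Allow("203.0.113.7", "alerts", time.Unix(0, 0)), l.TopicCount())
}
```
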
Bug fixes + maintenance:
- Remove `stacktrace-js`, `stacktrace-gps`, `humanize-duration`, and `js-base64` from the web app to reduce dependency and security footprint
- Restrict the publish dialog's local file preview to safe image types (png/jpg/gif/webp) to prevent same-origin script execution from blob URLs when previewing a crafted SVG (GHSA-j8hr-p342-xrmh, thanks to @Venukamatchi for reporting)