[0.4.0] - 2026-03-01
Added
- Landlock sandboxing implementation
- Logging of API requests
- Time range info when zooming in
- Mock data generator
Changed
- Buffered I/O Streams (time windows switching optimization)
Security
- Fixed XSS vulnerability in web UI system info display
- Fixed insecure Auth Session cookie by setting Secure attribute dynamically
- Replaced Whirlpool with argon2
- Fixed critical RLock and Delete map panic in ValidateSession
- Fixed weak session token generation crash
- Fixed storage tier permissions
- Added security headers (CSP, Frame-Options, Content-Type)
- Restrained WebSocket connections mapping MaxPayloadBytes limits
- Added missing upper bounds checks against abusive 31+ day historical queries
- Masked password with asterisks in the hash-password mode
Removed
- Whirlpool password hashing algorithm