c0m4r/kula 0.4.1

on GitHub

[0.4.1] - 2026-03-02

Fixed

• Fixed 100% CPU exhaustion in browser when switching to 1h time window
• Fix zoom resolution on coarse-resolution time ranges

Security

• Added rate limiting (max 5 attempts per 5 mins) to /api/login endpoint
• Added strict absolute path validation to prevent directory traversal in storage config
• Replaced silent parsing in /proc collectors with safe wrappers that explicitly log malformed data
• Updated daemon to gracefully shut down open network listeners using context.Context signal catching
• Migrated WebSocket handler from deprecated golang.org/x/net/websocket to github.com/gorilla/websocket
• Added strict Origin validation to prevent Cross-Site WebSocket Hijacking (CSWSH)