github dannybouwers/trala v0.15.0
v0.15.0: Security Enhancements
on GitHub

6 hours ago

🔒 Security Enhancements: Fortifying TraLa

Hey there, security-conscious dashboard enthusiasts! This release is all about locking things down tighter than a drum. TraLa now runs as a non-root user, adds security headers to fend off common web vulnerabilities, disables directory listing, and includes better error handling throughout. Plus, we've polished up the codebase with improved debugging and documentation. Your services are safer, and your mind can be at ease!

What's New

  • Enhanced Security: Added security headers (X-Content-Type-Options, X-Frame-Options, Referrer-Policy, etc.) and disabled directory listing on static file servers
  • Container Security: Docker image now runs as a non-root user with proper permissions and improved health checks
  • Server Hardening: Implemented read/write timeouts, header size limits, and better request context handling
  • Configuration Improvements: Better validation, error messages, and debug logging for configuration files
  • Development Tools: Added CONTRIBUTING.md guide, reorganized docs, and improved debugging utilities
  • Build Optimizations: Added Docker build caching and updated CI workflows

How to Use

No configuration changes required—just pull the latest image! TraLa will automatically apply all security enhancements. 

# Update your Docker Compose or deployment
docker pull ghcr.io/dannybouwers/trala:v0.15.0
# or
docker pull dannybouwers/trala:v0.15.0

Special Thanks

A huge shoutout to GitHub user @rendyhd for opening PR #117 (which I closed for good reasons) and providing some great security improvements for the app. Your contributions help make TraLa safer for everyone!

What's Changed

  • chore(deps): update withastro/action action to v6 by @renovate[bot] in #116
  • chore(deps): update actions/deploy-pages action to v5 by @renovate[bot] in #119
  • docs: add CONTRIBUTING.md to guide new contributors by @dannybouwers in #120
  • docs: Restructure documentation and add dedicated manual services page by @dannybouwers in #121
  • chore(deps): update node.js to v25.8.2 by @renovate[bot] in #122
  • fix: improve error handling and fix URL reconstruction by @dannybouwers in #123
  • fix: enhance security hardening by @dannybouwers in #124
  • fix: enhance concurrency safety and validation in configuration loading by @dannybouwers in #125
  • Fix Docker build and enhance CI/CD pipeline by @dannybouwers in #126
  • Fatal YAML Parsing, Enhanced Debug Logging, and Shared Debug Module by @dannybouwers in #118

Full Changelog: v0.14.1...v0.15.0

Check out latest releases or
releases around dannybouwers/trala v0.15.0

Don't miss a new trala release

NewReleases is sending notifications on new releases.

Get notifications