github diegosouzapw/OmniRoute v1.6.6
Release v1.6.6

latest releases: v3.6.9, v3.6.8, v3.6.6...
one month ago

🔒 Security Fix

  • Auth bypass after onboarding — Fixed regression where users could access the dashboard without authentication after upgrading from older versions. The "no password" safeguard (for fresh installs) was incorrectly firing after onboarding was complete, allowing unauthenticated access when setupComplete=true but the password DB row was missing (#151)

Root Cause

proxy.ts:136 and apiAuth.ts:138 checked !settings.password to skip auth, but didn't verify if onboarding was already done. Added !settings.setupComplete guard so the bypass only applies before onboarding.

Affected versions: v1.6.3 – v1.6.5
Recommendation: Update immediately if you use password-protected access.

Full Changelog: v1.6.5...v1.6.6

Don't miss a new OmniRoute release

NewReleases is sending notifications on new releases.