Bug Fixes
- Logout button not visible (#73): Fixed auth check in navigation bar — the JavaScript was reading
d.usernamebut the/api/auth/meendpoint returns{user: {username: ...}}. The button now correctly appears for authenticated users. - Private CA rejected for internal networks (#72): Removed SSRF IP validation that incorrectly blocked private CA deployments (e.g., step-ca on
step-ca.internal.local). Private CAs legitimately resolve to internal network addresses.
Security Hardening
- Added
allow_redirects=Falseto the private CA connectivity test to prevent redirect-based SSRF.
Full Changelog: v2.0.0...v2.0.1