v1.0.8-beta.012 - security: comprehensive hardening of auth, proxy, and backup systems
CRITICAL FIXES:
- Removed insecure hardcoded secret fallbacks in password reset, impersonation, and backup routes. System now fails fast at startup if NEXTAUTH_SECRET is unset or default.
- Implemented server-side HTML sanitization for metadata descriptions using sanitize-html to prevent XSS via dangerouslySetInnerHTML.
- Upgraded backup security to use PBKDF2 with 100,000 iterations for key derivation and added backup versioning (v3.0).
HIGH & MEDIUM PRIORITY FIXES:
- Hardened Cover Proxy against SSRF by implementing host validation (restricting to known providers), private IP blocking, 5s AbortController timeouts, and a 10MB size cap.
- Fixed path-traversal vulnerability in cover route by resolving symlinks with fs.realpathSync and verifying the target is within an authorized library root.
- Secured impersonation tokens with crypto.timingSafeEqual comparison and 1-hour session binding.
- Resolved N+1 query issues and fire-and-forget race conditions in the Requests API using Prisma includes and awaited cleanup logic.
- Implemented atomic JobLocking for library scans to prevent concurrent duplicate issue creation.
- Redacted sensitive database connection strings in the Admin Config API.
- Replaced various silent .catch() blocks with proper Logger integration to surface DB failures.
MAINTAINABILITY & ACCESSIBILITY:
- Refactored core metadata schema to split overloaded metadataId into cvId (Int) and matchState (String).
- Improved accessibility by adding aria-labels to interactive elements and alt text to library images.
- Implemented robust readProgress calculation to defend against NaN errors.
- Enhanced UI stability by disabling inputs during password reset submission and adding auto-reset timers for clipboard Copied states.
- Added visual fallback for broken cover images.
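
Added example (not part of this commit or the project's code): one way to implement the realpath containment check described in the path-traversal fix above, in Node.js. The names resolveInsideRoots and demo and the temp-directory layout are assumptions constructed for illustration.

```javascript
// Added example: helper names and the temp-dir layout are assumptions, not project code.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Return the canonical path if `requested` resolves inside one of `roots`, else null.
function resolveInsideRoots(requested, roots) {
  let real;
  try {
    real = fs.realpathSync(requested); // follows symlinks and collapses ".." segments
  } catch {
    return null; // missing file or dangling link: deny
  }
  for (const root of roots) {
    let realRoot;
    try { realRoot = fs.realpathSync(root); } catch { continue; }
    const rel = path.relative(realRoot, real);
    // Compare path segments, not string prefixes: "/lib-private" must not pass for "/lib".
    const escapes = rel === '..' || rel.startsWith('..' + path.sep) || path.isAbsolute(rel);
    if (rel !== '' && !escapes) return real;
  }
  return null;
}

// Constructed layout: one library root, a sibling directory sharing its name prefix,
// and a symlink inside the root that points out of it.
function demo() {
  const base = fs.mkdtempSync(path.join(os.tmpdir(), 'cover-demo-'));
  const root = path.join(base, 'library');
  const sibling = path.join(base, 'library-private');
  fs.mkdirSync(path.join(root, 'series'), { recursive: true });
  fs.mkdirSync(sibling);
  fs.writeFileSync(path.join(root, 'series', 'cover.jpg'), 'img');
  fs.writeFileSync(path.join(sibling, 'secret.txt'), 'secret');
  fs.symlinkSync(path.join(sibling, 'secret.txt'), path.join(root, 'series', 'link.jpg'));
  const allowed = (p) => resolveInsideRoots(p, [root]) !== null;
  const results = {
    regular: allowed(path.join(root, 'series', 'cover.jpg')),
    dotdot: allowed([root, 'series', '..', '..', 'library-private', 'secret.txt'].join(path.sep)),
    symlink: allowed(path.join(root, 'series', 'link.jpg')),
    prefixSibling: allowed(path.join(sibling, 'secret.txt')),
    missing: allowed(path.join(root, 'nope.jpg')),
  };
  fs.rmSync(base, { recursive: true, force: true });
  return results;
}
```

Open the returned canonical path rather than the original request string, so the file served is the one that was checked.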