🐛 Patch Changes
- e8162c3: Security hardening across the build pipeline and runtime: every GitHub Action is now pinned by commit SHA, the awesome-free-llm-apis data feed is pinned to an immutable commit and validated for HTTPS shape before render, the encryption-key cache no longer keeps the raw secret as a Map key, the Google Gemini API key moves from `?key=` query param to the `x-goog-api-key` header (so it stays out of upstream proxy/LB access logs), OpenAI OAuth error logs run through `scrubSecrets`, the OAuth `backendUrl` now prefers `BETTER_AUTH_URL` over the request `Host` header, the dev-loopback agent fallback prefers the seeded tenant over picking the first active key, rejected agent keys log only the fixed `mnfst_` prefix, and migrations log via the TypeORM logger instead of `console.log`. `npm audit fix` resolved vite + postcss CVEs. A boot-time check counts active legacy static-salt API-key hashes and warns if any remain (no forced rotation). `MANIFEST_ENCRYPTION_KEY` is now documented and threaded through `docker-compose.yml`; if unset the runtime still falls back to `BETTER_AUTH_SECRET`.
- f0082d5: Fix: detect Podman and Kubernetes as self-hosted runtimes. Manifest now reads `/run/.containerenv` (Podman) and `KUBERNETES_SERVICE_HOST` in addition to `/.dockerenv`, so rootless Podman and Kubernetes installs no longer fall back to cloud-mode SSRF rules and reject `http://` URLs to local LLM servers.

  Also narrows the cloud-metadata SSRF block to the actual IMDS addresses (`169.254.169.254`, `169.254.169.253`, `100.100.100.200`, `fd00:ec2::254`) instead of the entire `169.254.0.0/16` link-local range, so self-hosted users can reach `host.containers.internal` (which Podman maps to `169.254.x.y` under pasta/slirp4netns). Cloud mode is unchanged: link-local space is still rejected via the private-IP guard.
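
A sketch of the runtime detection and narrowed metadata block described in f0082d5, added here as an illustration and not taken from Manifest's code. The function names, the injected `fileExists` callback, the IPv4-mapped unwrapping, the fail-closed handling of unparseable input and the cloud-mode range list are assumptions.

```javascript
// Added example, not Manifest's code; all function names are hypothetical.
const MARKER_FILES = ["/.dockerenv", "/run/.containerenv"]; // markers from the entry
// env and fileExists are injected so the check runs without touching the host.
function isSelfHosted(env, fileExists) {
  return Boolean(env.KUBERNETES_SERVICE_HOST) || MARKER_FILES.some((p) => fileExists(p));
}
// Exact cloud-metadata (IMDS) addresses listed in the entry.
const IMDS_V4 = new Set(["169.254.169.254", "169.254.169.253", "100.100.100.200"]);
const IMDS_V6 = "fd00:ec2:0:0:0:0:0:254"; // fd00:ec2::254 with "::" expanded
function parseV4(ip) {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(ip);
  const o = m ? m.slice(1).map(Number) : [];
  return o.length === 4 && o.every((n) => n <= 255) ? o : null;
}
// Expand "::" and strip leading zeros so equivalent spellings compare equal.
function canonV6(ip) {
  const parts = ip.split("::");
  if (!ip.includes(":") || parts.length > 2) return null;
  const left = parts[0] ? parts[0].split(":") : [];
  const right = parts[1] ? parts[1].split(":") : [];
  const fill = parts.length === 2 ? 8 - left.length - right.length : 0;
  const groups = [...left, ...Array(Math.max(fill, 0)).fill("0"), ...right];
  if (groups.length !== 8 || !groups.every((g) => /^[0-9a-f]{1,4}$/.test(g))) return null;
  return groups.map((g) => parseInt(g, 16).toString(16)).join(":");
}
// Assumption: `ip` is the already-resolved address literal, not a hostname.
function isBlocked(ip, selfHosted) {
  let addr = ip.toLowerCase().replace(/^\[|\]$/g, "");
  const dotted = /^::ffff:(\d+\.\d+\.\d+\.\d+)$/.exec(addr);
  if (dotted) addr = dotted[1]; // IPv4-mapped IPv6, dotted spelling
  const v6 = canonV6(addr);
  const hex = v6 && /^0:0:0:0:0:ffff:([0-9a-f]+):([0-9a-f]+)$/.exec(v6);
  if (hex) { // IPv4-mapped IPv6, hex spelling
    const hi = parseInt(hex[1], 16), lo = parseInt(hex[2], 16);
    addr = [hi >> 8, hi & 255, lo >> 8, lo & 255].join(".");
  }
  const v4 = parseV4(addr);
  if (v4) {
    if (IMDS_V4.has(v4.join("."))) return true; // metadata: blocked in both modes
    if (selfHosted) return false; // local LLM servers and 169.254.x.y stay reachable
    const [a, b] = v4; // assumed cloud-mode private-IP guard ranges follow
    return a === 0 || a === 10 || a === 127 || (a === 172 && b >= 16 && b <= 31) ||
      (a === 192 && b === 168) || (a === 169 && b === 254);
  }
  if (v6 === null || v6 === IMDS_V6) return true; // fail closed on unparseable input
  if (selfHosted) return false;
  const first = parseInt(v6.split(":")[0], 16); // loopback, fc00::/7, fe80::/10
  return /^0:0:0:0:0:0:0:[01]$/.test(v6) || (first & 0xfe00) === 0xfc00 || (first & 0xffc0) === 0xfe80;
}
```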