Security
- Fix XSS vulnerabilities in mobile web UI
- Add
escapeHtml()for all user-provided content - Add
isValidSessionId()validation - Replace inline onclick with event delegation pattern
- Add
- Enhance AppleScript sanitization (escape
$and backtick characters)
Fixed
- Add WebSocket client error handler to prevent process crashes
- Fix race condition in useServer hook when component unmounts during async operation
- Close net server on port availability check error
Changed
- Add SIGTERM handler for graceful shutdown in containerized environments (Docker/K8s)
- Terminate all WebSocket clients explicitly before server shutdown
Full Changelog: v1.1.0...v1.1.2