Security
- Tamper-proof encrypted files — Files now use an authenticated format that detects any modification, reordering, or truncation and refuses to decrypt altered files.
- Stronger password protection — Increased PBKDF2 key-derivation iterations (250,000 → 600,000) to better resist password brute-forcing.
- XSS protection — Filenames and notification messages are now rendered safely, so a maliciously named file can no longer run code in the page.
- Crafted-file safeguards — Encrypted-file metadata is validated before use, preventing malformed files from freezing your browser.
- Hardened web server — Added a strict Content-Security-Policy, HSTS, and other security headers to the bundled Docker image.
Improvements
- Large file warning — You're now prompted before processing very large files that could exhaust browser memory.
- Reliable clipboard feedback — Generating a password now confirms whether it was actually copied to your clipboard.
Maintenance
- Automated dependency updates — Added Dependabot to keep the Docker base image and CI actions current.
- Build & release fixes — More robust image file permissions and version tagging.
Compatibility: Existing .vault files remain fully decryptable. Files encrypted with 1.5.0 use the new authenticated format and require 1.5.0 or later to decrypt.