sipcapture/homer 11.0.283
on GitHub

5 hours ago

Security release

This release closes three coordinator security advisories. See docs/SECURITY.md for upgrade notes.

Fixes

GHSA-f46q-3v67-fmm4 — validate rawquery in POST /api/v4/statistics/query (read-only SQL only) (#837)
GHSA-6xp5-7rcx-xfgx — remove hardcoded default admin password sipcapture; random bootstrap password when hash omitted (#838)
GHSA-rqcc-94gv-wjm9 — enforce JWT on protected routes when coordinator.jwt.secret is empty; auto-persist .homer_jwt_secret (#839)

Documentation

Add Security hardening guide; update auth, coordinator, wizard, and OpenAPI docs.

Upgrade notes

Docker Compose (examples/docker/) with explicit JWT_SECRET and ADMIN_PASSWORD_HASH — no credential changes.
Empty JWT secret — API now requires authentication; check coordinator logs for jwt_secret_file.
Fresh install without admin hash — bootstrap password logged once at startup.

Full Changelog: 11.0.281...11.0.283

Check out latest releases or
releases around sipcapture/homer 11.0.283

Don't miss a new homer release

NewReleases is sending notifications on new releases.

Get notifications