github ulsklyc/oikos v0.5.2
v0.5.2 — Bugfixes

one month ago

Full Changelog: v0.5.1...v0.5.2

fix: address CodeQL security findings (v0.5.2)

  • Rate-limit SPA fallback route (missing rate limiting on fs access)
  • Add csrfMiddleware to all state-changing auth routes (logout, create
    user, change password, delete user) — previously bypassed global CSRF
    middleware due to router registration order
  • Fix incomplete vCard escaping: escape backslashes before other special
    characters to prevent injection via contact fields
  • Restrict CI GITHUB_TOKEN to contents: read (least privilege)
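
The ordering point in the vCard item, as an added example that is not code from oikos: it assumes the RFC 6350 text-value escapes (backslash, comma, semicolon, newline), and every function name and the sample contact are hypothetical. It compares escaping backslashes last with escaping them first, and reads the resulting N value back with a minimal splitter.

```javascript
// Added example, not oikos code; all function names are hypothetical.
// Wrong order: the backslashes inserted for ';' and ',' are doubled by the
// last step, which turns an escaped separator back into a live one.
function escapeVCardWrongOrder(value) {
  return String(value)
    .replace(/;/g, '\\;')
    .replace(/,/g, '\\,')
    .replace(/\r?\n/g, '\\n')
    .replace(/\\/g, '\\\\');
}

// Correct order: escape backslashes first, then the other special characters.
function escapeVCard(value) {
  return String(value)
    .replace(/\\/g, '\\\\')
    .replace(/\r?\n/g, '\\n')
    .replace(/;/g, '\\;')
    .replace(/,/g, '\\,');
}

// Minimal reader: split a structured value (such as N) on unescaped ';'
// and undo the escapes inside each component.
function splitComponents(raw) {
  const parts = [''];
  for (let i = 0; i < raw.length; i++) {
    const c = raw[i];
    if (c === '\\' && i + 1 < raw.length) {
      const next = raw[++i];
      parts[parts.length - 1] += (next === 'n' || next === 'N') ? '\n' : next;
    } else if (c === ';') {
      parts.push('');
    } else {
      parts[parts.length - 1] += c;
    }
  }
  return parts;
}

// Constructed sample: a family name that contains the component separator.
const sample = { family: 'Doe;Injected', given: 'Jane' };

function buildN(escapeFn, contact) {
  return [contact.family, contact.given].map(escapeFn).join(';');
}

console.log('wrong order:', splitComponents(buildN(escapeVCardWrongOrder, sample)));
console.log('backslash first:', splitComponents(buildN(escapeVCard, sample)));
```

With the wrong order the reader sees three components instead of two, so field content has changed the record's structure; with backslashes escaped first the values round-trip unchanged.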
