github ulsklyc/yuvomi v0.5.2
v0.5.2 — Bugfixes

latest releases: v1.27.1, v1.27.0, v1.26.0...
3 months ago

Full Changelog: v0.5.1...v0.5.2

fix: address CodeQL security findings (v0.5.2)

  • Rate-limit SPA fallback route (missing rate limiting on fs access)
  • Add csrfMiddleware to all state-changing auth routes (logout, create
    user, change password, delete user) — previously bypassed global CSRF
    middleware due to router registration order
  • Fix incomplete vCard escaping: escape backslashes before other special
    characters to prevent injection via contact fields
  • Restrict CI GITHUB_TOKEN to contents: read (least privilege)

Don't miss a new yuvomi release

NewReleases is sending notifications on new releases.