This release promotes the tested test branch into main and includes security hardening, dependency
updates, monitoring improvements, topology layout polish, and workflow fixes.
Security
- Replaced python-jose with PyJWT, removing the unmaintained ecdsa dependency.
- Updated/pinned vulnerable dependencies including cryptography, starlette, DOMPurify, Vite, and React plugin tooling.
- Password changes and password resets now revoke active sessions.
- Password-reset flows now invalidate sibling reset tokens and require APP_URL for reset links.
- RBAC checks tightened for alert management, IPAM mutations, syslog WebSockets, and configurable security-view access.
- Network tools now defend against DNS rebinding by resolving and validating targets before execution.
- X-Forwarded-For parsing now uses the rightmost forwarded address.
- Scheduled discovery manual runs now enforce single-flight behavior.
- SNMP walk now has a wall-clock deadline.
- Syslog TCP connection handling no longer tracks unbounded per-connection thread references.
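
The resolve-then-validate pattern named in the DNS rebinding item, as an added example that is not the project's own code: resolve once, check every answer, and hand the tool the IP literal instead of the hostname. The function names, the injectable resolver, and the block/allow policy are assumptions made for illustration.

```python
import ipaddress
import socket


class TargetRejected(ValueError):
    """The target resolved to an address the policy does not allow."""


def system_resolver(host):
    """Resolve host once and return every address the resolver reports."""
    infos = socket.getaddrinfo(host, None, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def pin_target(host, allowed_networks, resolver=system_resolver):
    """Resolve once, validate every answer, return the IP literal to execute against."""
    nets = [ipaddress.ip_network(n) for n in allowed_networks]
    try:
        answers = [ipaddress.ip_address(host)]  # already a literal: no lookup
    except ValueError:
        answers = [ipaddress.ip_address(a.split("%")[0]) for a in resolver(host)]
    if not answers:
        raise TargetRejected(f"{host}: no addresses returned")
    checked = []
    for addr in answers:
        # Unwrap ::ffff:a.b.c.d so a mapped answer is judged by the IPv4 rules.
        if addr.version == 6 and addr.ipv4_mapped is not None:
            addr = addr.ipv4_mapped
        # Assumed policy: never loopback, link-local, multicast or unspecified.
        if addr.is_loopback or addr.is_link_local or addr.is_multicast or addr.is_unspecified:
            raise TargetRejected(f"{host}: {addr} is in a blocked range")
        if not any(addr in net for net in nets):
            raise TargetRejected(f"{host}: {addr} is outside the allowed networks")
        checked.append(addr)
    # One bad answer rejects the whole set; the caller runs the tool against
    # this literal, so a later lookup of the same name cannot change the target.
    return str(checked[0])


if __name__ == "__main__":
    # Constructed resolver: first answer is in scope, later answers are loopback.
    seen = []
    def flipping(host):
        seen.append(host)
        return ["192.0.2.10"] if len(seen) == 1 else ["127.0.0.1"]
    ip = pin_target("device.example", ["192.0.2.0/24"], resolver=flipping)
    print(ip, "lookups:", len(seen))
```

The tool must be invoked with the returned literal; passing the original hostname would trigger a second lookup and reopen the gap between check and use.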
Added
- Overview favourites now open a monitoring detail popup directly on the Overview page.
- Monitoring now has a favourites-only filter.
- Tools Port Check supports TCP and UDP.
- Monitoring service checks support TCP and UDP targets.
- Topology adds a radial group layout option.
Changed
- Inventory now defaults to 25 rows per page.
- Existing saved 10-row Inventory page-size preferences migrate to 25 once, while still allowing users to manually choose 10 later.
- Port-check wording is now generic instead of TCP-only.
- Upgrade docs now start from /opt/netmap before pull/recreate/backup commands.
Fixed
- Primary button styling no longer gets overridden in modal headers.
- Overview favourite detail behavior no longer navigates away to Monitoring.
- Alert monitor service checks now honour each target’s TCP/UDP type.
- Test-branch fixes and polish changes are now preserved in main history via the test-to-main merge.