github yusing/godoxy v0.27.5

9 hours ago

Security

  • Core/API: Added CSRF protection using the Signed Double Submit Cookie pattern to prevent cross-site request forgery attacks. API endpoints now validate X-CSRF-Token header against CSRF cookies for unsafe methods (POST, PUT, DELETE, PATCH).
    Safe methods (GET, HEAD, OPTIONS) automatically receive CSRF tokens.
    Login and callback endpoints are exempt to support browser-based authentication flows. (core: 213e4a5, webui: yusing/godoxy-webui@4432fa9db9b8)
  • Core/File API: Fixed path traversal vulnerability in config file endpoint by restricting file access to the application root using os.OpenRoot. (a541d75)
    Thanks @ormzro
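The Signed Double Submit Cookie pattern described in the first security entry, as an added Go example (not godoxy's own code): tokens are `<random>.<HMAC-SHA256>` so a cookie planted by an attacker cannot pass signature validation, safe methods (GET, HEAD, OPTIONS) receive a token, unsafe methods must send the same valid token in both the cookie and the X-CSRF-Token header, and listed paths are exempt. The cookie name `csrf_token` and the exempt path `/api/auth/login` are assumptions; the header name is the one from the release notes.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"net/http"
	"net/http/httptest"
	"strings"
)

const (
	csrfCookie = "csrf_token"   // assumed cookie name
	csrfHeader = "X-CSRF-Token" // header named in the release notes
)

// CSRF holds the server secret that signs tokens and the paths that skip the check.
type CSRF struct {
	secret []byte
	exempt map[string]bool
}

func NewCSRF(secret []byte, exemptPaths ...string) *CSRF {
	ex := make(map[string]bool, len(exemptPaths))
	for _, p := range exemptPaths {
		ex[p] = true
	}
	return &CSRF{secret: secret, exempt: ex}
}

// sign returns base64url(HMAC-SHA256(secret, msg)).
func (c *CSRF) sign(msg string) string {
	m := hmac.New(sha256.New, c.secret)
	m.Write([]byte(msg))
	return base64.RawURLEncoding.EncodeToString(m.Sum(nil))
}

// NewToken mints "<random>.<signature>"; only the holder of the secret can produce a valid one.
func (c *CSRF) NewToken() (string, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	n := base64.RawURLEncoding.EncodeToString(nonce)
	return n + "." + c.sign(n), nil
}

// ValidToken reports whether tok carries a signature made with this server's secret.
func (c *CSRF) ValidToken(tok string) bool {
	nonce, sig, ok := strings.Cut(tok, ".")
	if !ok || nonce == "" {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(sig), []byte(c.sign(nonce))) == 1
}

// Middleware issues tokens on safe methods and enforces cookie == header on unsafe ones.
func (c *CSRF) Middleware(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if c.exempt[r.URL.Path] { // login/callback style exemptions
			next.ServeHTTP(w, r)
			return
		}
		if r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions {
			if ck, err := r.Cookie(csrfCookie); err != nil || !c.ValidToken(ck.Value) {
				tok, err := c.NewToken()
				if err != nil {
					http.Error(w, "cannot issue CSRF token", http.StatusInternalServerError)
					return
				}
				// HttpOnly stays false on purpose: the front end reads this cookie to fill the header.
				http.SetCookie(w, &http.Cookie{Name: csrfCookie, Value: tok, Path: "/",
					Secure: true, SameSite: http.SameSiteLaxMode})
			}
			next.ServeHTTP(w, r)
			return
		}
		ck, err := r.Cookie(csrfCookie)
		if err != nil || !c.ValidToken(ck.Value) {
			http.Error(w, "missing or invalid CSRF cookie", http.StatusForbidden)
			return
		}
		if subtle.ConstantTimeCompare([]byte(r.Header.Get(csrfHeader)), []byte(ck.Value)) != 1 {
			http.Error(w, "CSRF token mismatch", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// Simulate sends one constructed request through the middleware and returns the status code.
func Simulate(c *CSRF, method, path, cookie, header string) int {
	h := c.Middleware(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusNoContent)
	}))
	req := httptest.NewRequest(method, path, nil)
	if cookie != "" {
		req.AddCookie(&http.Cookie{Name: csrfCookie, Value: cookie})
	}
	if header != "" {
		req.Header.Set(csrfHeader, header)
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}
```

`Simulate(c, "POST", "/api/x", tok, tok)` passes while the same call with an empty header, or with a pair like `"a.b"` that was never signed, is refused with 403; a GET without any cookie passes and gets a fresh cookie in the response.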
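The os.OpenRoot fix from the second security entry, as an added Go example (not godoxy's own code; needs Go 1.24+). `ReadConfigNaive` shows the classic bug: `filepath.Join` cleans the path but still lets `..` climb out of the application root. `ReadConfig` opens the same name through an `os.Root`, which refuses both `..` escapes and symlinks that resolve outside the root. The directory layout built by `SetupFixture` is constructed for the demonstration.

```go
package main

import (
	"fmt"
	"io"
	"os"
	"path/filepath"
)

// ReadConfigNaive is the vulnerable shape: Join("/app", "../secret.txt") is "/secret.txt".
func ReadConfigNaive(rootDir, name string) ([]byte, error) {
	return os.ReadFile(filepath.Join(rootDir, name))
}

// ReadConfig confines every access to rootDir via os.OpenRoot; Root.Open fails
// with a path error when name (or a symlink on its way) escapes the root.
func ReadConfig(rootDir, name string) ([]byte, error) {
	root, err := os.OpenRoot(rootDir)
	if err != nil {
		return nil, err
	}
	defer root.Close()
	f, err := root.Open(name)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return io.ReadAll(f)
}

// SetupFixture builds a constructed layout under a temp dir:
//   <base>/app/config.yml      inside the root
//   <base>/secret.txt          outside the root
//   <base>/app/link -> ../secret.txt   symlink escape (linked=false if symlinks are unavailable)
func SetupFixture() (appRoot string, linked bool, err error) {
	base, err := os.MkdirTemp("", "openroot-demo-")
	if err != nil {
		return "", false, err
	}
	appRoot = filepath.Join(base, "app")
	if err = os.Mkdir(appRoot, 0o755); err != nil {
		return "", false, err
	}
	if err = os.WriteFile(filepath.Join(appRoot, "config.yml"), []byte("entrypoint: {}\n"), 0o644); err != nil {
		return "", false, err
	}
	if err = os.WriteFile(filepath.Join(base, "secret.txt"), []byte("outside the root\n"), 0o644); err != nil {
		return "", false, err
	}
	linked = os.Symlink(filepath.Join(base, "secret.txt"), filepath.Join(appRoot, "link")) == nil
	return appRoot, linked, nil
}

func main() {
	appRoot, linked, err := SetupFixture()
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(filepath.Dir(appRoot))
	for _, name := range []string{"config.yml", "../secret.txt", "link"} {
		if name == "link" && !linked {
			continue
		}
		nb, nerr := ReadConfigNaive(appRoot, name)
		rb, rerr := ReadConfig(appRoot, name)
		fmt.Printf("%-14s naive: %q err=%v | openroot: %q err=%v\n", name, nb, nerr, rb, rerr)
	}
}
```

Running it prints that the naive reader happily returns `outside the root` for `../secret.txt` and for the symlink, while the OpenRoot reader returns an error for both and only succeeds for `config.yml`.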

Improvements

  • Core: Upgraded backend dependencies (f67ef3c)
  • WebUI: Upgraded Vite from v7 to v8, including major updates to TanStack packages, fumadocs, motion, and nitro for improved build performance and compatibility.
  • WebUI: Migrated react-use-websocket to handle ESM compatibility issues and replaced DEBUG_BUILD configuration with NODE_ENV detection in the build process.

Full Changelog: v0.27.4...v0.27.5
