Commit Graph

2 Commits

Author SHA1 Message Date
alexei.dolgolyov ff59d9f799 fix: security hardening for middleware, crypto, and backup handlers
- Remove CORS origin reflection (SEC-C1 CRITICAL)
- Add Content-Security-Policy header (SEC-H2)
- Fix rate limiter memory leak with periodic stale IP cleanup (SEC-H5)
- Enforce minimum 32-char ENCRYPTION_KEY (SEC-H4)
- Validate backup type against allowlist (SEC-M6)
- Fix backup download path traversal with path containment check (SEC-C2 CRITICAL)
2026-04-04 12:40:37 +03:00

alexei.dolgolyov cdf21682d6 feat(docker-watcher): phase 2 - crypto & config seed loader
AES-256-GCM encryption for credential storage, YAML seed config
parser with validation, and transactional import into SQLite.
Credentials (registry tokens, NPM password) encrypted before storage.
2026-03-27 21:01:16 +03:00