Redflag

Fimeg/Redflag

Fork 0

Commit Graph

Author	SHA1	Message	Date
Fimeg	3f9164c7ca	fix: complete security vulnerability remediation Critical Security Fixes: - Fix JWT secret derivation vulnerability - replace deriveJWTSecret with cryptographically secure GenerateSecureToken - Secure setup interface - remove JWT secret display and API response exposure - Fix database migration 012 parameter naming conflict in mark_registration_token_used function - Restore working Docker Compose environment variable configuration Security Impact: - Eliminates system-wide compromise risk from admin credential exposure - Removes sensitive JWT secret exposure during setup process - Ensures cryptographically secure JWT token generation - Fixes agent registration and token creation functionality Testing: - Agent registration working properly - Token consumption tracking functional - Registration tokens created without 500 errors - Secure JWT secret generation verified	2025-10-31 10:41:04 -04:00
Fimeg	a92ac0ed78	v0.1.17: UI fixes, Linux improvements, documentation overhaul UI/UX: - Fix heartbeat auto-refresh and rate-limiting page - Add navigation breadcrumbs to settings pages - New screenshots added Linux Agent v0.1.17: - Fix disk detection for multiple mount points - Improve installer idempotency - Prevent duplicate registrations Documentation: - README rewrite: 538→229 lines, homelab-focused - Split docs: API.md, CONFIGURATION.md, DEVELOPMENT.md - Add NOTICE for Apache 2.0 attribution	2025-10-30 22:17:48 -04:00

Author

SHA1

Message

Date

Fimeg

3f9164c7ca

fix: complete security vulnerability remediation

Critical Security Fixes:
- Fix JWT secret derivation vulnerability - replace deriveJWTSecret with cryptographically secure GenerateSecureToken
- Secure setup interface - remove JWT secret display and API response exposure
- Fix database migration 012 parameter naming conflict in mark_registration_token_used function
- Restore working Docker Compose environment variable configuration

Security Impact:
- Eliminates system-wide compromise risk from admin credential exposure
- Removes sensitive JWT secret exposure during setup process
- Ensures cryptographically secure JWT token generation
- Fixes agent registration and token creation functionality

Testing:
- Agent registration working properly
- Token consumption tracking functional
- Registration tokens created without 500 errors
- Secure JWT secret generation verified

2025-10-31 10:41:04 -04:00

Fimeg

a92ac0ed78

v0.1.17: UI fixes, Linux improvements, documentation overhaul

UI/UX:
- Fix heartbeat auto-refresh and rate-limiting page
- Add navigation breadcrumbs to settings pages
- New screenshots added

Linux Agent v0.1.17:
- Fix disk detection for multiple mount points
- Improve installer idempotency
- Prevent duplicate registrations

Documentation:
- README rewrite: 538→229 lines, homelab-focused
- Split docs: API.md, CONFIGURATION.md, DEVELOPMENT.md
- Add NOTICE for Apache 2.0 attribution

2025-10-30 22:17:48 -04:00

2 Commits