sofarr v0.1.5
Docker
Changes
- Merge develop into main for v0.1.5
- chore: bump version to 0.1.5
- fix: splash screen hangs after login, never dismisses
- feat: add 'Keep me logged in' checkbox to login form
- fix(ci): upgrade nodemon to ^3 to resolve semver ReDoS vulnerability
- chore: add COOKIE_SECRET to .env, .env.example, .env.sample
- fix(security #17): add npm audit to CI pipeline and package scripts
- fix(security #15): read API keys from process.env at request time
- fix(security #13,#14): revoke Emby token on logout; stable DeviceId prevents unbounded sessions
- fix(security #12): add helmet security response headers
- fix(security #11): remove unused node-cron dependency
- fix(security #10): sanitize error details to prevent API key leakage
- fix(security #7,#8,#9): signed cookies, isAdmin tamper-proof, schema validation
- fix(security #6): add rate limiting to POST /api/auth/login
- fix(security #5): remove plaintext logging of Emby auth response and user object
- docs: update architecture docs and diagrams for recent changes
- feat: add favicon from sofarr-logoonly.png
- fix: proper multi-user tag badges using full Emby user list
- fix: extractUserTag now correctly finds the tag matching the current user
- fix: always show matched user tag badge, not just in showAll mode
- feat: multi-tag badges for showAll — amber for unmatched, accent for matched
- security: ensure log files excluded recursively from git and Docker builds (issue #16)
- security: fix issues #1-4 from security audit
Downloads
gronod released this