security+feat: v1.3.0 — pentest remediation, container reliability, UI overhaul
Security (33 pentest findings addressed):
- CRITICAL: backend binds 127.0.0.1, path traversal in tor.rs/dwn fixed
- HIGH: federation requires signatures, XSS login redirect, RBAC viewer restricted
- HIGH: tar slip prevention, S3 SSRF validation, backup ID validation
- MEDIUM: remember-me random secret, TOTP session rotation, password re-auth
- LOW: CSP unsafe-inline removed, CORS dev-only, onion/webhook validation
Container reliability:
- Memory limits on all 37 containers (OOM prevention)
- Exited vs stopped state distinction with health-aware status badges
- Crash recovery coordination (no more restart cascade)
- User-stopped tracking survives reboots
- Tiered boot recovery (databases → core → services → apps)
UI:
- Wallet TransactionsModal, health-aware app status badges
- Restart button on containers, exited/crashed red state
- Mesh view overhaul, glass button updates, BaseModal/ToggleSwitch
- Apps sticky header removed, dev faucet, mutable mock wallet
Infrastructure:
- LND REST port 8080 exposed over Tor (LND Connect fix)
- Nginx cookie_session fix, deploy script Tor config updated
- Dev environment: podman auto-start, boot mode simulation
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-19 12:44:31 +00:00
2026-03-19 16:12:01 +00:00

---
name: v1.3.0 Deploy Status
description: March 19 session — pentest remediation, container reliability, deployment to .228/.198
type: project
---
## v1.3.0 Deployed (2026-03-19)

### .228 — Fully deployed and verified

- All 33 pentest security fixes live (including backend auth on /lnd-connect-info)
- ElectrumX headers.subscribe fix — synced at block 941k+
- Container reliability: memory limits in scripts, crash recovery coordination, health badges
- Backend bound to 127.0.0.1:5678 (systemd + nginx)
- Frontend: iframe auto-retry, TransactionsModal, health-aware badges, What's New v1.3.0
- 31 containers running, all healthy

### .198 — Partially deployed, needs attention

- Binary deployed but machine chronically overloaded (8GB RAM, load 10+)
- Bitcoin RPC 401 FIXED (secrets dir was root-owned)
- SearXNG settings.yml created, LND Tor REST port 8080 added
- Tor uses archipelago torrc NOT system torrc — needs consolidation
- Jellyfin stopped to save resources
- ElectrumX indexing (pruned data, will be slow)

### Deploy lessons learned

- `cargo clean -p` + rebuild doesn't always recompile if rsync preserved timestamps
- Fix: append blank line to force mtime change, or use `cargo build --release` after manual touch
- Atomic binary swap: `cp new, mv over running` works; `cp over running` fails with "Text file busy"
- systemd `Restart=always` prevents `systemctl stop` + `cp` — must use atomic mv
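
The atomic swap from the lessons above, written as a reusable shell function. This is an added example, not the project's deploy script; `atomic_install`, `inode_of` and every path passed to them are hypothetical names.

```shell
#!/bin/sh
# Added example (not the project's deploy script); all names are hypothetical.

# inode_of FILE: print the inode number, to show that the swap installs a
# new file instead of rewriting the one a running process has mapped.
inode_of() {
    ls -i -- "$1" | awk '{print $1}'
}

# atomic_install SRC DEST: replace DEST with a copy of SRC via rename(2).
# Writing into DEST in place (plain cp) is what fails with "Text file busy"
# while the old binary is executing; rename never opens DEST for writing.
atomic_install() {
    src=$1
    dest=$2
    dest_dir=$(dirname -- "$dest")

    # Stage inside the destination directory: rename is only atomic when
    # source and target are on the same filesystem.
    tmp=$(mktemp "$dest_dir/.install.XXXXXX") || return 1

    # Copy, then verify byte-for-byte, so a short write (full disk,
    # interrupted transfer) never reaches DEST.
    if ! cp -- "$src" "$tmp" || ! cmp -s -- "$src" "$tmp"; then
        rm -f -- "$tmp"
        return 1
    fi

    # mktemp creates the file 0600; a service binary must be executable.
    chmod 0755 "$tmp" || { rm -f -- "$tmp"; return 1; }

    # The running process keeps the old inode until it exits; the next
    # start (for example after a service restart) picks up the new file.
    mv -f -- "$tmp" "$dest" || { rm -f -- "$tmp"; return 1; }
}
```

On failure the function removes its staging file and leaves the destination untouched, so a failed deploy keeps the previous binary in place.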
### Backlog for next session

1. .198 stabilization (reduce containers for 8GB, apply memory limits via container recreation)
2. .198 Tor consolidation (system tor vs archipelago tor process)
3. BTCPay iframe cross-origin error (needs nginx proxy config)
4. Tailscale admin page in iframe
5. ElectrumX UI: Tor first as connect option
6. Stagger animation fix + fleet dashboard + map tab
7. Deploy to Tailscale nodes (Arch 1/2/3)
8. App iframe error page — auto-retry now works, but needs polish

**Why:** Track deployment state for session continuity.

**How to apply:** Read at start of next session. Check .198 load before attempting operations.