Dorian
6656d2f1d9
fix: implement 22 security pentest remediation fixes
Server-side session management with SHA-256 hashed tokens and HttpOnly
cookies. Auth middleware gating all RPC/WS/proxy routes with method
allowlist. Login rate limiting (5/60s per IP). CORS restricted to
config origin. Docker registry allowlist. App ID and path validation.
P2P message sanitization (HTML + log injection). Onion address and
known-peer validation. Nginx security headers (CSP, X-Frame-Options,
etc.) and AIUI proxy auth. Systemd hardening (non-root, NoNewPrivileges,
ProtectSystem).
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-06 03:26:56 +00:00