a9cdf846fe
CRITICAL fix: Users upgrading from pre-migration-tracking databases (now get 'invalid username/password' because schema_migrations table doesn't exist. Added handleLegacyDatabase() and reconcileLegacyMigrations() to detect and reconcile legacy DBs. Security fixes: - Path traversal: replaced sanitizePath() with ALLOWED_FILES allowlist - Public /about bypass: added admin route guard in App.jsx - Sensitive info exposure: expanded redactSensitiveContent() patterns - Error message path leaks: generic error messages only - Race condition: wrapped in db.transaction() in server.js - Password validation: INIT_REGULAR_PASS min 8 chars with process.exit(1) All verified by Bishop (build + runtime) and Private_Hudson (security). |
||
|---|---|---|
| .. | ||
| .restore-1777763192032-96266b49.sqlite-shm | ||
| .restore-1777763192032-96266b49.sqlite-wal | ||
| database.js | ||
| schema.sql | ||