CRITICAL fix: Users upgrading from pre-migration-tracking databases now get 'invalid username/password' because schema_migrations table doesn't exist. Added handleLegacyDatabase() and reconcileLegacyMigrations() to detect and reconcile legacy DBs.

Security fixes:
- Path traversal: replaced sanitizePath() with ALLOWED_FILES allowlist
- Public /about bypass: added admin route guard in App.jsx
- Sensitive info exposure: expanded redactSensitiveContent() patterns
- Error message path leaks: generic error messages only
- Race condition: wrapped in db.transaction() in server.js
- Password validation: INIT_REGULAR_PASS min 8 chars with process.exit(1)

All verified by Bishop (build + runtime) and Private_Hudson (security).
| Name |
|---|
| images |
| Authentik-Integration.md |
| CSRF-SPA-Setup.md |
| Engineering_Reference_Manual.md |
| Engineering_Reference_promp.md |
| RATE_LIMITING_ENHANCEMENT.md |
| UI_IMPROVEMENTS.md |