# ExcaliDash v0.1.5
Date: 2025-11-23
Compatibility: v0.1.x (Backward Compatible)
# Security
- RCE: implemented strict Zod schema validation and input sanitization on file uploads; added path traversal guards to file handling logic
- XSS: used DOMPurify for HTML sanitization; blocked execution-capable SVG attributes and enforced CSP headers
- DoS: moved CPU-intensive operations to worker threads to prevent event loop blocking; added request rate limiting (1,000 req/15 min per IP) and streaming for large files
# Infrastructure & Deployment
- non-root execution (uid 1001) in containers
- migrated to multi-stage Docker builds
# Database
- migrated to better-sqlite3, converted all DB interactions to non-blocking async operations and offloaded integrity checks to worker threads.
- implemented SQLite magic header validation; added automatic backup triggers preceding data import
- input validation logic
# Frontend
- updated Settings UI to show version