mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-05-19 07:54:10 +00:00
e661665d24
- Remove overly restrictive password complexity requirements (now only 8+ chars) - Fix Change Password section not appearing in Settings > Security - Fix logout sometimes showing setup page instead of login page - Remove misleading desktop notifications option from first-run setup - Improve rate limiting on authentication endpoints - Fix sensitive data appearing in logs (passwords, tokens) - Enhance file permissions for sensitive files (0600) - Fix WebSocket origin validation defaults - Add password complexity validation for setup - Improve CSRF token handling after server restarts - Fix security status API using wrong fetch client - Add logout race condition prevention Security improvements: - No credential leakage in logs - Proper bcrypt password hashing - Session management enhancements - Rate limiting on all auth endpoints - Secure file permissions on sensitive data |
||
|---|---|---|
| .. | ||
| alerts.go | ||
| auth.go | ||
| config_handlers.go | ||
| diagnostics.go | ||
| frontend_embed.go | ||
| guest_metadata.go | ||
| middleware.go | ||
| notifications.go | ||
| ratelimit.go | ||
| router.go | ||
| security.go | ||
| security_setup_fix.go | ||
| settings.go | ||
| system_settings.go | ||
| updates.go | ||