docfast/src
OpenClaw 8a86e34f91
fix: critical and high-severity security fixes
- CRITICAL: DNS rebinding SSRF - pin DNS resolution via request interception
- CRITICAL: XSS in billing success - use data-attribute instead of JS string
- HIGH: Webhook signature bypass - refuse unverified webhooks (500)
- HIGH: Filename header injection - sanitize Content-Disposition filename
- HIGH: Verification code timing attack - use crypto.timingSafeEqual()
- HIGH: Remove duplicate unreachable 404 handler
- HIGH: Add IPv6 unique local (fc00::/7) to SSRF private IP check
- HIGH: Replace console.warn with structured logger
2026-02-16 18:56:21 +00:00
__tests__    Add landing page, tests, Docker deployment, nginx config    2026-02-14 13:01:07 +00:00
middleware   fix: critical and high-severity security fixes              2026-02-16 18:56:21 +00:00
routes       fix: critical and high-severity security fixes              2026-02-16 18:56:21 +00:00
services     fix: critical and high-severity security fixes              2026-02-16 18:56:21 +00:00
index.ts     fix: critical and high-severity security fixes              2026-02-16 18:56:21 +00:00