docfast/src/services
OpenClaw 8a86e34f91
fix: critical and high-severity security fixes
- CRITICAL: DNS rebinding SSRF - pin DNS resolution via request interception
- CRITICAL: XSS in billing success - use data-attribute instead of JS string
- HIGH: Webhook signature bypass - refuse unverified webhooks (500)
- HIGH: Filename header injection - sanitize Content-Disposition filename
- HIGH: Verification code timing attack - use crypto.timingSafeEqual()
- HIGH: Remove duplicate unreachable 404 handler
- HIGH: Add IPv6 unique local (fc00::/7) to SSRF private IP check
- HIGH: Replace console.warn with structured logger
2026-02-16 18:56:21 +00:00
browser.ts fix: critical and high-severity security fixes 2026-02-16 18:56:21 +00:00
db.ts Backend hardening: structured logging, timeouts, memory leak fixes, compression, XSS fix 2026-02-16 08:27:42 +00:00
email.ts Backend hardening: structured logging, timeouts, memory leak fixes, compression, XSS fix 2026-02-16 08:27:42 +00:00
keys.ts Backend hardening: structured logging, timeouts, memory leak fixes, compression, XSS fix 2026-02-16 08:27:42 +00:00
logger.ts Backend hardening: structured logging, timeouts, memory leak fixes, compression, XSS fix 2026-02-16 08:27:42 +00:00
markdown.ts Initial MVP: DocFast PDF API 2026-02-14 12:38:06 +00:00
templates.ts Backend hardening: structured logging, timeouts, memory leak fixes, compression, XSS fix 2026-02-16 08:27:42 +00:00
verification.ts fix: critical and high-severity security fixes 2026-02-16 18:56:21 +00:00