mqtt-explorer/app/package-lock.json
timotheereausanofi 4ae0645208
Some checks failed
Docker Browser Build / build-and-test (push) Has been cancelled
Lint / lint (push) Has been cancelled
feat: Add publish pane hide feature and comprehensive security updates

Security & Compliance Updates:
- Add MQTT_EXPLORER_HIDE_PUBLISH_PANE env var to hide publish pane in browser mode
- Fix critical XSS vulnerabilities in UpdateNotifier and CodeDiff components with DOMPurify
- Implement secure credential handling (memory-based instead of sessionStorage)
- Add comprehensive audit logging system for security events
- Fix GitHub API token exposure by using Authorization header
- Enable certificate validation for TLS connections by default
- Update dependencies to fix 26+ security vulnerabilities
- Add privacy compliance notices and GDPR disclosures
- Implement secure session management with auto-clearing credentials

Features:
- Conditional publish pane visibility in desktop and mobile views
- Privacy policy and data processing transparency
- Enhanced audit trail for compliance

Breaking Changes:
- Updated multiple dependencies for security
- Changed credential storage mechanism
- Added DOMPurify dependency for XSS protection

Fixes #security-audit-2026
2026-05-05 19:13:49 +02:00

393 KiB