Pulse/internal at d716bbfdeba29536bdb8ebf53e9dee977476bfbd - Pulse - Gitea: Git with a cup of tea

gitea-mirror/Pulse

mirror of https://github.com/rcourtman/Pulse.git synced 2026-02-18 23:41:48 +01:00

Files

History

rcourtman d716bbfdeb fix(security): add proper authorization to sensitive endpoints

- /api/agent-install-command: require admin + settings:write scope
  Previously only RequireAuth, allowing any authenticated user to mint
  high-privilege API tokens (host-agent:manage)

- /api/system/ssh-config: require settings:write scope
  Previously any authenticated token could modify ~/.ssh/config

- /api/system/verify-temperature-ssh: require settings:write scope
  Previously any authenticated token could trigger SSH connection
  attempts to arbitrary nodes (network scanning risk)

- /api/diagnostics: require admin privileges
  Previously exposed API token metadata (IDs, hints, usage mapping)
  to any authenticated token, enabling enumeration attacks

2026-02-03 17:47:40 +00:00

..

chore: reliability and maintenance improvements

2026-01-22 00:45:04 +00:00

fix: Allow qm/pct reboot/shutdown commands with approval

2026-01-04 17:57:51 +00:00

Refactor: Core monitoring and update managers multi-tenancy

2026-01-22 16:43:24 +00:00

fix(discovery): include IPAddresses in state adapter for URL suggestion

2026-02-03 17:05:01 +00:00

Fix multi-tenant persistence and backend stability

2026-02-03 16:24:42 +00:00

fix(security): add proper authorization to sensitive endpoints

2026-02-03 17:47:40 +00:00

Fix offline buffering: add tests, remove unused config, fix flaky test

2025-12-02 22:31:44 +00:00

Improve internal package test coverage

2025-12-29 17:25:21 +00:00

Fix API token authentication and multi-tenancy logic

2026-02-03 16:24:28 +00:00

Improve internal package test coverage

2025-12-29 17:25:21 +00:00

fix: Update runtime config when toggling Docker update actions setting

2026-01-03 11:14:17 +00:00

fix: env overrides and OS-aware test improvements

2026-01-22 13:49:05 +00:00

refactor: Remove unreachable dead code branches

2025-12-02 14:48:57 +00:00

Update core infrastructure components

2026-01-28 16:52:35 +00:00

fix: ZFS pool usage now includes zvols and all pool consumers

2026-01-29 12:08:38 +00:00

feat(backend): implement AI Patrol, Investigation, and system-wide refactors

2026-01-30 19:02:14 +00:00

kubernetesagent

test: expand backend coverage

2026-01-25 21:08:44 +00:00

feat(license): implement free Patrol / pro Auto-Fix tiering strategy

2026-02-01 16:27:10 +00:00

fix: address linting issues and test adjustments

2026-02-01 23:27:11 +00:00

Improve internal package test coverage

2025-12-29 17:25:21 +00:00

test: expand backend coverage

2026-01-25 21:08:44 +00:00

feat(kubernetes): Add Kubernetes mock data and UI

2025-12-12 23:13:40 +00:00

Update core infrastructure components

2026-01-28 16:52:35 +00:00

fix: address 6 security and reliability issues

2026-02-03 17:32:44 +00:00

fix: address 6 security and reliability issues

2026-02-03 17:32:44 +00:00

test: expand backend coverage

2026-01-25 21:08:44 +00:00

fix: Add nil checks in findDuplicate() to prevent crash. Related to #1119

2026-01-18 13:41:00 +00:00

test: expand backend coverage

2026-01-25 21:08:44 +00:00

servicediscovery

feat(discovery): auto-suggest web interface URLs for discovered services

2026-02-03 16:49:57 +00:00

feat: PULSE_DISK_EXCLUDE now applies to SMART monitoring. Related to #983

2025-12-31 23:07:01 +00:00

Improve internal package test coverage

2025-12-29 17:25:21 +00:00

Improve internal package test coverage

2025-12-29 17:25:21 +00:00

test: add unit tests for types package

2025-11-26 14:10:21 +00:00

updatedetection

Enhance devcontainer and CI workflows

2026-01-01 22:29:15 +00:00

fix: SSE race conditions, alert user spoofing, and security status oracle

2026-02-03 17:40:58 +00:00

Enhance devcontainer and CI workflows

2026-01-01 22:29:15 +00:00

Fix security vulnerabilities and critical bugs

2026-02-03 17:16:27 +00:00