release: v4.8.9 security hardening patch

- upgrade DOMPurify to patched release (fixes high-severity XSS GHSA-87xg-pxx2-7hvx)
- upgrade esbuild build dependency; npm audit now reports 0 vulnerabilities
- stop tracking config/ice-servers.js (TURN credentials); add example template
- production logger no longer prints error context or info/debug output
- bump version to 4.8.9 across header, manifest, README, init message
- update SECURITY.md supported-release table to v4.8.x
lockbitchat
2026-06-15 15:08:03 -04:00
parent d11f250257
commit 366f080128
21 changed files with 691 additions and 347 deletions
+1 -1
@@ -2018,7 +2018,7 @@ import { installDebugWindowHooks } from './utils/debugWindowHooks.js';
}
}
handleMessage(' SecureBit.chat Enhanced Security Edition v4.8.7 - ECDH + DTLS + SAS initialized. Ready to establish a secure connection with ECDH key exchange, DTLS fingerprint verification, and SAS authentication to prevent MITM attacks.', 'system');
handleMessage(' SecureBit.chat Enhanced Security Edition v4.8.9 - ECDH + DTLS + SAS initialized. Ready to establish a secure connection with ECDH key exchange, DTLS fingerprint verification, and SAS authentication to prevent MITM attacks.', 'system');
const handleBeforeUnload = (event) => {
if (event.type === 'beforeunload' && !isTabSwitching) {
+1 -1
@@ -539,7 +539,7 @@ const EnhancedMinimalHeader = ({
React.createElement('p', {
key: 'subtitle',
className: 'text-xs sm:text-sm text-muted hidden sm:block'
}, 'End-to-end freedom v4.8.5')
}, 'End-to-end freedom v4.8.9')
])
]),
+3 -10
@@ -973,20 +973,13 @@ class EnhancedSecureCryptoUtils {
// Production-safe console output
if (this.isProductionMode) {
if (level === 'error') {
// В production показываем только код ошибки без деталей
// In production expose only an opaque error code, never the context.
console.error(`❌ [SecureChat] ${message} [ERROR_CODE: ${this._generateErrorCode(message)}]`);
// Временно показываем детали для отладки
if (context && Object.keys(context).length > 0) {
console.error('Error details:', context);
}
} else if (level === 'warn') {
// В production показываем только предупреждение без контекста
// Warning text only, no context payload.
console.warn(`⚠️ [SecureChat] ${message}`);
} else if (level === 'info' || level === 'debug') {
// Временно показываем info/debug логи для отладки
console.log(`[SecureChat] ${message}`, context);
} else {
// В production не показываем другие логи
// info/debug and any other level: suppressed entirely in production.
return;
}
} else {
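Review bot: The production `error` and `warn` paths still interpolate `message` verbatim into the `console.error` and `console.warn` calls, so dropping `context` only hardens the logger if callers never put identifiers, fingerprints or key material into the message string itself, and that contract is stated nowhere in the hunk. I would add a comment above `if (this.isProductionMode) {`: `// Production: only the static message text plus an opaque error code may reach the console; callers keep secrets and user data in context, never in message.` If `_generateErrorCode(message)` is derived from the message text it adds no new channel, but I cannot see the helper, so that is worth confirming. The enclosing logging method starts before and ends after this hunk.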