release: v4.8.13 message integrity & transport hardening · cf36656341 - securebit-chat

release: v4.8.13 message integrity & transport hardening

CodeQL Analysis / Analyze CodeQL (push) Has been cancelled

Details

Deploy Application / deploy (push) Has been cancelled

Details

Mirror to Codeberg / mirror (push) Has been cancelled

Details

Mirror to PrivacyGuides / mirror (push) Has been cancelled

Details

Bumps version to 4.8.13 across package.json, package-lock.json, manifest.json,
index.html, meta.json, README, SECURITY_DISCLAIMER, the site header and the
in-app init banner (previously desynced at 4.8.10/4.8.11/4.8.12).

Ships the security-review fixes already on main:
- removed the over-broad send-path keyword blocklist that silently rejected
  legitimate messages (real XSS defense remains receive-side DOMPurify)
- preserve newlines/tabs/indentation in outgoing message sanitization
- stop logging raw AAD (sessionId + keyFingerprint) on validation failure
- add Strict-Transport-Security and Permissions-Policy headers
- add outgoing-message-integrity regression tests

This commit is contained in:

lockbitchat

2026-06-18 17:08:59 -04:00

parent 42be55aaeb

commit cf36656341

14 changed files with 51 additions and 25 deletions

									
										package.json
									
		+1
		-1
	
												View File
												
				@@ -1,6 +1,6 @@

				{

				  "name": "securebit-chat",

				  "version": "4.8.12",

				  "version": "4.8.13",

				  "description": "Secure P2P Communication Application with End-to-End Encryption",

				  "main": "index.html",

				  "scripts": {