SecureBitChat/securebit-chat
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
cf36656341091f38c4eb9ed3442ee905252d5795
securebit-chat/src/components
T
History
lockbitchat cf36656341
CodeQL Analysis / Analyze CodeQL (push) Has been cancelled
Details
Deploy Application / deploy (push) Has been cancelled
Details
Mirror to Codeberg / mirror (push) Has been cancelled
Details
Mirror to PrivacyGuides / mirror (push) Has been cancelled
Details
release: v4.8.13 message integrity & transport hardening 
Bumps version to 4.8.13 across package.json, package-lock.json, manifest.json,
index.html, meta.json, README, SECURITY_DISCLAIMER, the site header and the
in-app init banner (previously desynced at 4.8.10/4.8.11/4.8.12).

Ships the security-review fixes already on main:
- removed the over-broad send-path keyword blocklist that silently rejected
  legitimate messages (real XSS defense remains receive-side DOMPurify)
- preserve newlines/tabs/indentation in outgoing message sanitization
- stop logging raw AAD (sessionId + keyFingerprint) on validation failure
- add Strict-Transport-Security and Permissions-Policy headers
- add outgoing-message-integrity regression tests
2026-06-18 17:08:59 -04:00
..
ui
release: v4.8.13 message integrity & transport hardening
2026-06-18 17:08:59 -04:00
QRScanner.js
feat(qr-exchange): improved QR code exchange system
2025-09-27 19:07:17 -04:00
QRScanner.jsx
feat(core): update session, security system and QR exchange
2025-09-23 20:01:02 -04:00
UpdateChecker.jsx
feat: implement comprehensive PWA force update system
2025-12-29 10:51:07 -04:00