Releases: pglombardo/PasswordPusher

v1.48.0: Login Security Improvements

04 Nov 19:13
7ceab94

This release improves the overall security of logins in Password Pusher. Details below.

With this release, all pre-existing login sessions will end and users will have to log in again.

The improvements are:

  1. "Remember me" now only remembers for 1 week
  2. Login password length is now 10 to 128 characters (previously 6 to 128); pre-existing login passwords are unaffected
  3. Login sessions now expire after 2 hours of inactivity
  4. Cookie serialization is now done via JSON to fix https://github.com/pglombardo/PasswordPusher/security/code-scanning/1

Being a security product dealing with sensitive information, these changes are appropriate.
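
To illustrate item 4, here is an added example (not Password Pusher's code) that reads the same signed cookie format with a Marshal-based reader and with a JSON-based one. The key, the `SessionUser` class, the cookie layout and all helper names are constructed for the demonstration.

```ruby
require "json"
require "openssl"

# Constructed signing key for this example only.
DEMO_KEY = "constructed-demo-key"

# Hypothetical application class, standing in for any object type.
class SessionUser
  attr_reader :name

  def initialize(name)
    @name = name
  end
end

# Build a signed cookie value: "<base64 body>--<hex HMAC-SHA256>".
def seal(body)
  data = [body].pack("m0")
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA256', DEMO_KEY, data)}"
end

# Check the signature and return the raw body, or nil if it does not verify.
def unseal(cookie)
  data, mac = cookie.to_s.split("--", 2)
  return nil unless data && mac

  expected = OpenSSL::HMAC.hexdigest("SHA256", DEMO_KEY, data)
  OpenSSL.secure_compare(expected, mac) ? data.unpack1("m0") : nil
end

# Marshal-style reader: rebuilds whatever object types the bytes name.
def read_marshal(cookie)
  body = unseal(cookie)
  body && Marshal.load(body)
end

# JSON-style reader: returns only Hash, Array, String, numbers, booleans, nil.
# JSON.parse does not instantiate application classes by default.
def read_json(cookie)
  body = unseal(cookie)
  body && JSON.parse(body.force_encoding(Encoding::UTF_8))
rescue JSON::ParserError, EncodingError
  nil # not JSON (for example a Marshal-format cookie): reject it
end
```

With the JSON reader, a payload that names a class comes back as a plain `Hash`, and a cookie written in Marshal format is rejected rather than interpreted.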

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🛥️ Docker Images

Available on Docker Hub:
https://hub.docker.com/r/pglombardo/pwpush

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.48.0

..and go to http://localhost:5100

v1.47.4: Framework, Dependency & Security Updates

01 Nov 15:38
d4dec75

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.47.4

..and go to http://localhost:5100

v1.47.3: Throttling Fix & Brute Force Protections

25 Oct 13:02
e4e0bcf

📝 What’s Changed

This PR fixes a throttling bug: if the throttling values in settings.yml were commented out, it could cause a stack trace. Now, commenting out the throttling values disables throttling entirely.

Additionally, protections are now in place to rate limit login attempts to make brute force attacks more difficult.

  • Throttling fix & Add protection against login brute forcing (#2685) @pglombardo

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.47.3

..and go to http://localhost:5100

v1.47.2: New Admin Menu Item, Dependency & Security Updates

24 Oct 09:34
2a99e73

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.47.2

..and go to http://localhost:5100

v1.47.1: Disable Secret URL Prefetch & Increased Security Logins

20 Oct 19:33
2513a0f

This release improves the security of logins. Details in #2651.

Thanks to the security firm who pointed out these potential issues.

If I get permission, I'll post their details once all the fixes are out. (There are more on the way.)

👥 List of contributors

@pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.47.1

..and go to http://localhost:5100

v1.47.0: New Background Worker Dashboard (Admin)

20 Oct 11:28
2504e53

📝 What’s Changed

This release bundles a new dashboard for background job monitoring for those running the pglombardo/pwpush-worker container. (Still in Beta).

Available from /admin and directly at /admin/jobs

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.47.0

..and go to http://localhost:5100

v1.46.3: Framework Security Patch

16 Oct 14:56
e0efeeb

👥 List of contributors

@pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.46.3

..and go to http://localhost:5100

v1.46.2: Translations Updates & Fixes

16 Oct 13:42
be61968

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.46.2

..and go to http://localhost:5100

v1.46.1: Worker Container Fix

10 Oct 23:29
8120447

📝 What’s Changed

  • Fix pwpush-worker Docker container entry point
  • Update Docker compose files

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.46.1

..and go to http://localhost:5100

v1.46.0: New worker container

10 Oct 23:25
f3fb8ab

The worker container is being added for future functionality. Currently it runs the background cleanup tasks. It is not required to run the application.

👥 List of contributors

@dependabot, @dependabot[bot] and @pglombardo

🏃‍♂️ Run This Version

docker run -d -p 5100:5100 pglombardo/pwpush:1.46.0

..and go to http://localhost:5100
