Branches

• refine-csp-config

  5a7225ad · Refine CSP frame-src and connect-src configuration · Jan 05, 2026
  !793
• fix-compose-env-file

  f6ce809e · Write docker/.env on deploy for compose ps/logs commands · Jan 04, 2026
  !792
• fix-swarm-healthcheck-localhost

  0de3b905 · Rename deploy-swarm.sh to deploy.sh (uses Docker Compose, not Swarm) · Jan 04, 2026
  !791
• fix-swarm-healthcheck

  15e6581e · Disable health checks for Swarm overlay compatibility · Jan 04, 2026
  !789
• fix-swarm-rolling-updates

  53a74d59 · Fix Docker Swarm rolling update deadlock · Jan 04, 2026
  !788
• improve-swarm-deployment

  fc408f03 · Improve Docker Swarm deployment for production use · Jan 03, 2026
  !787
• add-swarm-deployment

  3522de77 · feat: Add Docker Swarm deployment scripts for zero downtime · Jan 03, 2026
  !784
• add-csp-report-only

  5e8618a0 · feat: Add Content-Security-Policy-Report-Only header · Dec 31, 2025
  !781
• add-csp-report-endpoint

  e34677fc · feat: Add CSP violation report endpoint · Dec 31, 2025
  !780
• add-response-headers

  a1f30e57 · feat: Add additional security headers and disable X-Powered-By · Dec 30, 2025
  !779
• improve-oidc-redirect-handling

  b87a8641 · fix: Add redirect URL validation to OIDC flow · Dec 30, 2025
  !778
• fix-account-validator-consecutive-dashes

  097d63ef · fix: Allow consecutive dashes in account name validation · Dec 30, 2025
  !776
• improve-avatar-endpoint

  7ac437c4 · fix: Add username validation to avatar endpoints · Dec 30, 2025
  !775
• improve-cors-defaults

  88db043b · fix: Change CORS default to deny-all when unconfigured · Dec 28, 2025
  !773
• improve-external-url-handling

  b5ab9ca8 · fix: Validate external URLs before rendering as links · Dec 23, 2025
  !769
• refactor-rocketchat-config

  b0db70a2 · fix: Replace dummy plausible secrets with clear placeholders · Dec 23, 2025
  !768
• unify-cover-image-proxification

  f74419ff · fix(security): Prevent CSS injection in profile cover images · Dec 23, 2025
  !767
• improve-log-account-validation

  6226ce28 · fix(security): Validate username format in log_account endpoint · Dec 23, 2025
  !765
• fix/log-account-headers

  1c6c6d59 · fix: Add header validation to log_account endpoint · Dec 22, 2025
  !763
• tm-remove-dhive

  2c98c29e · improve tests validating warning message for wrong wif key · Dec 19, 2025
  !761