Skip to content

v1.1.2 Bump (Security, Alpine Fixes#602

Merged
MickLesk merged 5 commits into
mainfrom
security/servers-auth-1.1.2
Jun 8, 2026
Merged

v1.1.2 Bump (Security, Alpine Fixes#602
MickLesk merged 5 commits into
mainfrom
security/servers-auth-1.1.2

Conversation

@MickLesk

@MickLesk MickLesk commented Jun 8, 2026

Copy link
Copy Markdown
Member

✍️ Description

This PR hardens backend security and includes two targeted bug fixes.

What’s changed

  • Added server-side auth enforcement for sensitive API/tRPC/WebSocket endpoints.

  • Implemented requireApiAuth in multiple settings routes to enforce authentication.

  • Added checks for setup completion in the authentication setup route.

  • Enhanced error handling and response messages for better clarity.

  • Prevented sensitive server data from being exposed in API responses.

  • Fixed Alpine script path normalization to avoid double alpine- prefixes (e.g. alpine-alpine-...) and resulting 404s. Alpine install method double-prepends "alpine-" to slug, causing 404 (alpine-alpine-it-tools.sh) #596

Improved manual auto-sync error handling:

  • PocketBase fetch failures and empty responses now return explicit diagnostic errors.

  • Manual sync no longer reports success when the backend sync actually failed.
    Validation Bad error handling #587

  • Targeted ESLint checks passed for changed files.

  • Typecheck passed (tsc --noEmit)

  • Upgraded various node packages

  • Upgraded npm to 11.x

🔗 Related PR / Issue

Fixes: #

✅ Prerequisites (X in brackets)

  • Self-review completed – Code follows project standards.
  • Tested thoroughly – Changes work as expected.
  • No security risks – No hardcoded secrets, unnecessary privilege escalations, or permission issues.

Screenshot for frontend Change

🛠️ Type of Change (X in brackets)

  • 🐞 Bug fix – Resolves an issue without breaking functionality.
  • New feature – Adds new, non-breaking functionality.
  • 💥 Breaking change – Alters existing functionality in a way that may require updates.

ProxmoxVE Developer added 5 commits June 8, 2026 20:36
fix(security): protect servers api and redact secrets
0c3167f
feat: add authentication checks to various API routes
7592608 
- Implemented `requireApiAuth` in multiple settings routes to enforce authentication.
- Added checks for setup completion in the authentication setup route.
- Enhanced error handling and response messages for better clarity.
- Ensured that sensitive information is only exposed to authenticated users.
fix: update auth module import from .ts to .js
0294e9c
fix: enhance error handling in auto-sync and normalize alpine CT slug
a9c2b69
fix: remove unnecessary whitespace in script handling functions
77aa3a1
@MickLesk MickLesk requested a review from a team as a code owner June 8, 2026 18:59
@MickLesk MickLesk merged commit 001ff7b into main Jun 8, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@MickLesk