jramos
8a6a3485e9
security: address audit findings C-4 through M-8
...
Critical:
- C-4: Add express-rate-limit to login (20 attempts/15min)
- C-5: Remove default credentials from LoginForm.js
- C-6: Add sandbox attribute to KB document iframe
High:
- H-2: Hard-fail on startup if SESSION_SECRET env var is missing
- H-6: Sanitize filenames in Content-Disposition headers
- H-7: Fix KB upload race condition — move file after DB insert succeeds
- H-8: Generate random admin password in setup.js instead of hardcoded
- H-9: Add rehype-sanitize to ReactMarkdown (requires npm install)
Medium:
- M-4: Fix loose equality (==) to strict (===) in users.js self-checks
- M-5: Add hostname format regex validation in compliance notes
- M-6: Fix vendor trim-before-validate in ivantiTodoQueue.js
- M-7: Sanitize original filename in compliance temp JSON
- M-8: Pull CSP frame-ancestors from CORS_ORIGINS env var
New dependencies needed:
- backend: express-rate-limit (npm install in root)
- frontend: rehype-sanitize (npm install in frontend/)
2026-04-07 10:23:10 -06:00
2fead2cfef
feat(kb): render Mermaid diagrams in Knowledge Base viewer
...
Installs mermaid v11 and adds a custom ReactMarkdown code renderer
that intercepts fenced mermaid blocks and renders them as SVG diagrams
using the dark theme. SVGs are made responsive (width: 100%).
Non-mermaid code blocks are unchanged.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-04-02 15:37:00 -06:00
fa9f4229a6
Add PDF inline preview support to knowledge base viewer
2026-02-13 10:46:32 -07:00
79a1a23002
Added knowledge base enhancements for documentation viewing and preloaded Ivanti config for next feature
2026-02-13 09:43:09 -07:00
