Releases: Hawk-API/hawkapi-admin

v0.3.0

@ashimov released this 10 Jun 11:39

Security hardening (breaking).

  • Breaking: admin panel is fail-closed; requests denied with 401 when no auth callable configured (CWE-306)
  • Detail view renders only detail_fields() so hidden columns no longer leak (CWE-200)
  • Sensitive/authorization field detection extended; matched fields forced read-only (CWE-915)
  • CSRF cookie sets HttpOnly and Max-Age (CWE-1004)
  • Security headers + CSP on admin responses (CWE-1021)
  • Non-integer page no longer 500s (CWE-20)
  • Security events logged (CWE-778)

v0.2.0 — security hardening

@ashimov released this 16 May 14:11

Full OWASP review fixes. See CHANGELOG.md for details.

v0.1.1

@ashimov released this 16 May 11:04

Fix wheel build — drop empty static/ force-include entry that broke uv build in CI; ship templates via artifacts.