v1.14.0

Version released on 07/18/2025.

Always secure connections (HSTS): All communication with the system now uses HTTPS, which prevents anyone from intercepting or altering exchanged data. It also ensures browsers don’t accidentally use insecure connections.
Protection against malicious files (X-Content-Type-Options): The system tells browsers not to guess the type of a file, helping prevent harmful code from being executed by mistake.
Login-protected access: All parts of the system now require users to be logged in, except for those that were explicitly made public. This reduces the risk of unauthorized access.
Clear rules for what can be loaded (CSP): Only trusted sources are allowed to load content like images, scripts, and styles. This helps prevent attacks that try to inject malicious code into the system.
Fewer clues for attackers: Server type and version information is now hidden. This makes it harder for attackers to exploit known vulnerabilities, as they have less information to work with.

Last updated 4 months ago