marcel/familienarchiv
20 Open 2 Closed
security(import): reject path-traversal filenames from ODS in MassImportService.processRows P2-medium security
#530 opened 2026-05-11 20:13:41 +02:00 by marcel 4 / 8
security(import): validate PDF magic bytes in MassImportService before S3 upload P1-high file-upload security
#529 opened 2026-05-11 20:13:32 +02:00 by marcel 4 / 8
security(import): harden DocumentBuilderFactory against XXE in MassImportService P0-critical security
#528 opened 2026-05-11 20:13:22 +02:00 by marcel 4 / 8
feat(auth): defense-in-depth — CSRF, session revocation, login rate limit P1-high feature security
#524 opened 2026-05-11 18:50:20 +02:00 by marcel 0 / 11
8
feat(auth): server-side session model replacing Basic-auth cookie promotion P1-high feature security
#523 opened 2026-05-11 18:49:05 +02:00 by marcel 0 / 8
9
security(uploads): integrate ClamAV scan before persisting documents to MinIO P1-high file-upload security
#464 opened 2026-05-07 17:24:57 +02:00 by marcel 0 / 6
8
devops(ci): add SAST/SCA/secret-scan/container-scan gates to .gitea/workflows/ci.yml P0-critical devops security
#461 opened 2026-05-07 17:22:49 +02:00 by marcel 0 / 6
8
security(history): scrub admin:admin123 from .claude/skills/transcribe/SKILL.md git history P1-high security
#460 opened 2026-05-07 17:22:18 +02:00 by marcel 0 / 5
8
security(ocr): run OCR container as non-root user (CIS Docker §4.1) P0-critical devops phase-2: container-images security
#459 opened 2026-05-07 17:21:55 +02:00 by marcel 0 / 5
8
security(deps): bump @sveltejs/kit + vite to clear BODY_SIZE_LIMIT bypass + 5 high devDep CVEs P1-high security
#458 opened 2026-05-07 17:21:33 +02:00 by marcel 0 / 5
8
security(deps): bump Spring Boot to 4.0.6 to clear 2 CRIT + 17 HIGH CVEs P0-critical devops phase-1: security security
#457 opened 2026-05-07 17:21:13 +02:00 by marcel 0 / 6
8
fix(security): add Content-Security-Policy headers to SvelteKit responses security
#116 opened 2026-03-27 17:53:44 +01:00 by marcel
7
fix(security): enforce maximum file upload size limit file-upload security
#112 opened 2026-03-27 17:33:13 +01:00 by marcel
6
fix(security): add rate limiting to login and password-reset endpoints security
#111 opened 2026-03-27 17:32:59 +01:00 by marcel
7
fix(security): annotate AppUser.password with @JsonIgnore to prevent accidental hash leakage security
#110 opened 2026-03-27 17:32:47 +01:00 by marcel
6
fix(security): explicitly restrict Spring Boot Actuator endpoints in production config security
#87 opened 2026-03-27 09:24:54 +01:00 by marcel
1
fix(security): set secure: true on auth cookie for production (HTTPS) security
#86 opened 2026-03-27 09:24:33 +01:00 by marcel
1
fix(security): sanitize filename in Content-Disposition response header security
#85 opened 2026-03-27 09:24:19 +01:00 by marcel
fix(security): validate file upload MIME type from magic bytes, not client header security
#84 opened 2026-03-27 09:24:00 +01:00 by marcel
1
fix(security): remove hardcoded fallback admin credentials in application.yaml security
#83 opened 2026-03-27 09:23:43 +01:00 by marcel
1