This repository was archived by the owner on Feb 26, 2026. It is now read-only.

v1.1.0 - Security Hardening

kcherry497 released this 03 Feb 21:55
· 1 commit to main since this release

Security Hardening

This release addresses security issues identified during code review.

Added

  • Access control enforcement for DM and channel messages
    • DM policies: disabled, pairing, open
    • Channel policies: allowlist, denylist, all
    • Wildcard (*) support for allowing all users
  • Per-user rate limiting to prevent abuse
    • Default: 5 requests per 60 seconds per user
    • Configurable via rateLimit.maxRequests and rateLimit.windowMs
  • Error reference IDs for troubleshooting
    • Generic error messages sent to IRC users
    • Full details logged server-side with reference IDs
  • New allowInsecureNickServ config option
  • 28 new tests for authorization and rate limiting

Changed

  • NickServ authentication now requires allowInsecureNickServ: true

Security Fixes

  • Fixed missing access control enforcement (CRITICAL)
  • Added rate limiting to prevent API abuse (HIGH)
  • Sanitized error messages to prevent information disclosure (HIGH)
  • Made insecure NickServ auth opt-in (MEDIUM)