This release bundles security enhancements from v2.1.6 with the feature and bug fixes from the previously unreleased v2.1.5.

The security vulnerabilities were identified by GitHub's automated Dependabot and code scanning services.

What's New

It's time to start thinking in tunnels. The old DockFlare logo has been retired and replaced with a brand new animated version in the web UI.

Security (v2.1.6)

This release resolves several security issues to harden the application and its deployment pipeline.

• Dependency Vulnerability: Patched an outdatedbrace-expansion npm package by updating it to version 2.0.2, addressing a CVE related to inefficient regex.
• Path Injection: The/help/<path:page> route was hardened against path traversal attacks by implementing stricter path validation usingos.path.abspath.
• Open Redirect: The login redirect mechanism was secured by validating thenext parameter, preventing redirects to external, malicious sites.
• Information Exposure: Prevented the leakage of sensitive exception details and stack traces in API/JSON responses for the/cloudflare-ping,/debug, and/api/v2/debug-info endpoints.
• Insecure CI/CD Workflow: To adhere to the principle of least privilege, permissions for the GitHub Actions workflow have been explicitly restricted tocontents: read.

Features & Fixes (from v2.1.5)

• New - Help Documentation: A comprehensive help section has been added to the web UI, providing users with easy access to documentation and guides.
• Fixed - Country Dropdown Menu: An issue where the country dropdown menu in the Access Group modal was limited to 50 entries has been resolved.
• Fixed - UI Refinements: Various minor refinements were made to the web UI for improved usability and a more polished user experience.

How to Upgrade

1. Pull the latest Docker image:docker pull alplat/dockflare:stable
2. Restart your DockFlare container.
3. Open the DockFlare UI in your browser.

As always, thank you for using DockFlare and for your feedback!

Cheers, Chris