·
0 commits
to main
since this release
Security Fixes
- CVE-2026-2391 (CISA KEV / SNYK-JS-QS-15268416): Upgraded
expressto 4.22.1 and pinnedqsto 6.14.2 to remediate Allocation of Resources Without Limits or Throttling vulnerability (CVSS 8.2 High) - Pen test remediations: Added HSTS header, restricted CORS origins, removed server version disclosure (#203)
- CI/CD hardening: Replaced flaky CF CLI Debian install with direct binary download + retry (#204)
Features
Dependency Changes
| Package | Before | After |
|---|---|---|
express |
4.21.1 | 4.22.1 |
qs |
6.13.0 | 6.14.2 |