What's Changed
Important
This release contains a number of security fixes that remediate vulnerabilities that were discovered in the latest external penetration test that was commissioned by Phase. As part of one of the security fixes, the Phase backend is now referencing the X_REAL_IP HTTP header to detect client IP. Please make sure your middleware (Such as Nginx, Cloudflare or Treafik) is setting this header correctly, if you are using a custom configuration. You can find examples in our Docs here.
- feat: Self-hosting nginx config improvements by @nimish-ks in #688
- feat: add misc graphql validation rules by @rohan-chaturvedi in #686
- chore(deps-dev): bump js-yaml from 3.14.1 to 3.14.2 in /frontend by @dependabot[bot] in #690
- chore: bump glob to 10.5.0 by @rohan-chaturvedi in #691
- fix: secret editor performance by @rohan-chaturvedi in #689
Full Changelog: v2.54.1...v2.54.2
Contributors
rohan-chaturvedi, dependabot, and nimish-ks