Tags: Hawk-API/HawkAPI

v0.2.0

Security hardening (v0.2.0)

- CSRF middleware now verifies the submitted token HMAC signature (CWE-352)
- HTML-escape OpenAPI UI title and JSON-encode URL in JS context; pin CDN asset versions (CWE-79)
- DebugMiddleware defaults to enabled=False (CWE-489)
- TrustedProxyMiddleware whitelists X-Forwarded-Proto to http/https
- StructuredLoggingMiddleware sanitizes client request IDs (CWE-117)
- parse_multipart enforces a max_parts limit (CWE-770)
- SecurityHeadersMiddleware sets HSTS by default
- Scaffold no longer ships allow_origins=["*"]

v0.1.6

release: 0.1.6 — security audit (3 HIGH + 2 MEDIUM fixes), threat model, OWASP compliance, security workflow

v0.1.2

fix: resolve remaining pyright strict errors in CaseInsensitiveDict