Daniel Bedeleanu
247ea45408
security: audit complet + patch vulnerabilitati critice v1.3.5
Audit de securitate executat pe Backend (FastAPI) si Frontend (Next.js/Dexie).
12 vulnerabilitati identificate (4 CRITICE, 4 HIGH, 3 MEDIUM, 1 LOW).
Patch-uri aplicate direct:
- [C-02] Eliminat bypass autentificare pentru useri fara parola (users.py)
- [C-03] Parola default Admin inlocuita cu secrets.token_urlsafe(16) (users.py)
- [H-01] LDAP injection fix: escape_filter_chars pe username (users.py)
- [H-03] Validare MIME + limita 10MB pe /items/extract-label (items.py)
- [M-01] CORS fix: allow_origins din env ALLOWED_ORIGINS, nu wildcard (main.py)
- [M-03] Toate print() LDAP inlocuite cu log.debug() (users.py)
Raport complet: dev_docs/SECURITY_REPORT.md
Actiuni arhitecturale ramase (JWT enforcement, rate limiting): SESSION_STATE.md
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
2026-04-11 13:20:05 +03:00
..
2026-04-10 21:51:22 +03:00
2026-04-11 13:20:05 +03:00
2026-04-10 21:51:22 +03:00
2026-04-10 21:51:22 +03:00
2026-04-10 21:51:22 +03:00
2026-04-11 12:33:13 +03:00
2026-04-11 12:33:13 +03:00
2026-04-11 11:22:40 +03:00
2026-04-11 11:22:40 +03:00
2026-04-11 12:33:13 +03:00
2026-04-11 13:20:05 +03:00
2026-04-11 11:22:40 +03:00
2026-04-10 21:51:22 +03:00
2026-04-11 11:22:40 +03:00