fix: monthly security scan — fix shell injection and add RPC body limit (MAINT-02)
- Replace sh -c echo with tokio::fs::write for bitcoin.conf generation
- Add client_max_body_size 1m to /rpc/ in both HTTP and HTTPS nginx blocks
- Document full audit findings in docs/security-audit-2026-03-11.md

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
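The first bullet of the commit message, as an added example that is not the project's code: the injection-prone `sh -c echo` shape beside the direct-write replacement. Field names, paths and the credential values are constructed for illustration. The vulnerable side is modelled, not executed: `shell_commands` applies sh's single-quote and `;` rules to the command string so the breakout shows up as extra commands. The hardened side writes the rendered bytes straight to the file; the commit's `tokio::fs::write` is the async equivalent, and `std::fs` is used here so the example runs without external crates. The 0600 file mode is an extra hardening step added here, not something the commit message states.

```rust
// Added example, not the project's code: the shell-injection shape behind
// MAINT-02's "sh -c echo" finding and its direct-write replacement.
// Field names, paths and credential values are constructed for illustration.
use std::fs;
use std::io::{self, Write};
use std::path::Path;

/// Render the bitcoin.conf body. The values go in verbatim; nothing here
/// is interpreted, so there is nothing to escape.
pub fn render_bitcoin_conf(rpcuser: &str, rpcpassword: &str, rpcport: u16) -> String {
    format!(
        "server=1\nrpcuser={}\nrpcpassword={}\nrpcport={}\n",
        rpcuser, rpcpassword, rpcport
    )
}

/// BEFORE (vulnerable): the command line an `sh -c` approach would hand to
/// the shell. The config text is interpolated inside single quotes, so a
/// password containing `'` closes the quote and what follows runs as commands.
/// Returned as a string and never executed.
pub fn vulnerable_shell_command(conf: &str, path: &str) -> String {
    format!("echo '{}' > '{}'", conf, path)
}

/// Minimal model of sh word splitting: text inside single quotes is literal,
/// whitespace ends a word outside quotes, `;` is a command separator.
/// Returns the simple commands the shell would run, each as its words.
pub fn shell_commands(cmd: &str) -> Vec<Vec<String>> {
    let mut commands: Vec<Vec<String>> = vec![Vec::new()];
    let mut word = String::new();
    let mut have_word = false;
    let mut in_quote = false;
    for c in cmd.chars() {
        if in_quote {
            if c == '\'' { in_quote = false; } else { word.push(c); }
        } else if c == '\'' {
            in_quote = true;
            have_word = true; // even '' yields an (empty) word
        } else if c == ';' || c.is_whitespace() {
            if have_word {
                commands.last_mut().unwrap().push(std::mem::take(&mut word));
                have_word = false;
            }
            if c == ';' { commands.push(Vec::new()); }
        } else {
            word.push(c);
            have_word = true;
        }
    }
    if have_word { commands.last_mut().unwrap().push(word); }
    commands.retain(|c| !c.is_empty());
    commands
}

/// AFTER (hardened): write the rendered text straight to the file. No shell
/// parses the credentials, so metacharacters are just bytes. The commit's
/// `tokio::fs::write` is the async equivalent; the 0600 mode is an extra step
/// added here because rpcpassword is a secret.
pub fn write_bitcoin_conf(
    path: &Path,
    rpcuser: &str,
    rpcpassword: &str,
    rpcport: u16,
) -> io::Result<String> {
    let conf = render_bitcoin_conf(rpcuser, rpcpassword, rpcport);
    let mut opts = fs::OpenOptions::new();
    opts.write(true).create(true).truncate(true);
    #[cfg(unix)]
    {
        use std::os::unix::fs::OpenOptionsExt;
        opts.mode(0o600); // applied only when the file is created
    }
    opts.open(path)?.write_all(conf.as_bytes())?;
    Ok(conf)
}

fn main() -> io::Result<()> {
    // Constructed attacker-controlled password: closes the quote, runs rm, reopens.
    let evil_pw = "x'; rm -rf /var/lib/bitcoin; echo '";
    let conf = render_bitcoin_conf("rpcuser", evil_pw, 8332);
    let cmd = vulnerable_shell_command(&conf, "/etc/bitcoin/bitcoin.conf");
    for (i, c) in shell_commands(&cmd).iter().enumerate() {
        println!("sh would run command {}: {:?}", i + 1, c);
    }
    let path = std::env::temp_dir().join(format!("bitcoin.conf.{}", std::process::id()));
    let written = write_bitcoin_conf(&path, "rpcuser", evil_pw, 8332)?;
    assert_eq!(fs::read_to_string(&path)?, written);
    println!("direct write stored the password verbatim at {}", path.display());
    fs::remove_file(path)
}
```

The model in `shell_commands` is deliberately small (no double quotes, backslashes or `&&`), which is enough to show why escaping the value is the wrong fix: any interpolation into shell syntax has to track every rule the shell applies, whereas a direct write has none. Writing the file with a restrictive mode is worth keeping regardless of the injection fix, since the rpcpassword line is readable by anyone who can read the file.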
@@ -428,7 +428,7 @@
- [x] **MAINT-01** — Monthly dependency update cycle. Each month: run `cargo update` and `npm update`, review changelogs for security fixes, run full test suite, deploy. Track in `docs/dependency-audit-log.md`.
- [ ] **MAINT-02** — Monthly security scan. Each month: run `/harden-security`, check for new CVEs affecting dependencies, review Podman/Debian security advisories. Patch any critical issues within 48 hours.
- [x] **MAINT-02** — Monthly security scan. Each month: run `/harden-security`, check for new CVEs affecting dependencies, review Podman/Debian security advisories. Patch any critical issues within 48 hours.
- [ ] **MAINT-03** — Quarterly quality sweep. Each quarter: run full `/sweep`, compare to baseline, fix any regressions. Run 72-hour stability test.
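Review bot: the box flipped on the MAINT-02 line marks a recurring task as done once, while the item itself says "Each month: run `/harden-security`..., patch any critical issues within 48 hours"; after this commit nothing on the checklist records which month was covered or where the findings live. Suggest keeping the line as a per-cycle log the way MAINT-01 points at `docs/dependency-audit-log.md`, e.g. appending `(2026-03 run: docs/security-audit-2026-03-11.md)` to the MAINT-02 line, so the next scan has a dated predecessor and the 48-hour patch window can be checked against a real date.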