32 lines
924 B
Plaintext
32 lines
924 B
Plaintext
### 🛡️ **\[1.18.1] – Security Patch & Hysteria Settings Tab**
|
||
|
||
*Released: 2025-08-30*
|
||
|
||
#### 🔒 Security
|
||
|
||
* 🛡️ **Open Redirect Fix**:
|
||
Removed `next_url` parameter from login flow to prevent **open redirect vulnerability**.
|
||
|
||
Special thanks to [**@HEXER365**](https://github.com/HEXER365) for responsible disclosure 🙏
|
||
|
||
#### ✨ Features
|
||
|
||
* ⚙️ **New Hysteria Settings tab** in Web Panel (with **geo update support**)
|
||
* 🎨 Redesigned **Login Page** for better UI/UX
|
||
|
||
#### 🛠️ Fixes
|
||
|
||
* 📦 Backup `extra.json` during upgrades
|
||
* 📱 Improved responsive design across web panel
|
||
* 🧩 Relaxed conflict check in user viewmodel
|
||
* 🧹 Removed `/dev/null` redirects for cleaner logging
|
||
|
||
#### 📦 Chore & Dependencies
|
||
|
||
* ⬆️ Updated dependencies:
|
||
|
||
* `typing-extensions` → 4.15.0
|
||
* `starlette` → 0.47.3
|
||
* `requests` → 2.32.5
|
||
* 🧹 Removed **deprecated `user.sh`** script (legacy auth)
|