Snider
606176585c
Fix critical and high severity issues from code review
Security fixes:
- Fix XSS in JSON-LD output via JSON_HEX_TAG (Seo module)
- Fix SQL injection via LIKE wildcards (Config module)
- Fix regex injection in env updates (Console module)
- Fix weak token hashing with HMAC-SHA256 (CDN module)
- Mask database credentials in install output (Console module)
New features:
- Add MakeModCommand, MakePlugCommand, MakeWebsiteCommand scaffolds
- Add event prioritization via array syntax in $listens
- Add EventAuditLog for tracking handler execution and failures
- Add ServiceVersion with semver and deprecation support
- Add HealthCheckable interface with HealthCheckResult
- Add ServiceStatus enum for service health states
- Add DynamicMenuProvider for uncached menu items
- Add LangServiceProvider with auto-discovery and fallback chains
Improvements:
- Add retry logic with exponential backoff (CDN uploads)
- Add file size validation before uploads (100MB default)
- Add key rotation mechanism for LthnHash
- Add Unicode NFC normalization to Sanitiser
- Add configurable filter rules per field (Input)
- Add menu caching with configurable TTL (Admin)
- Add Redis fallback alerting via events (Storage)
- Add Predis support alongside phpredis (Storage)
- Add memory safety checks for image processing (Media)
- Add SchemaValidator for schema.org validation (SEO)
- Add translation key validation in dev environments
Bug fixes:
- Fix nested array filtering returning null (Sanitiser)
- Fix race condition in EmailShieldStat increment
- Fix stack overflow on deep JSON nesting (ConfigResolver)
- Fix missing table existence check (BlocklistService)
- Fix missing class_exists guards (Search, Media)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>