• 0.6.1 3999b53a49

    0.6.1 (Beta) Pre-release

    Rinanyae released this 2026-06-10 19:47:34 +00:00 | 0 commits to main since this release

    Arcane Status v0.6.1

    This release focuses primarily on security improvements and account protection.

    Improved Login Security

    Authentication protections have been strengthened to better defend against brute-force attacks.

    What changed

    • Locked accounts can no longer be accessed, even with the correct password.
    • IP-based rate limiting is now more secure by default.
    • Client IP addresses can no longer be spoofed through X-Forwarded-For headers unless a reverse proxy is explicitly configured.

    These changes help prevent attackers from bypassing account lockouts or avoiding login rate limits.
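
    The X-Forwarded-For rule above can be sketched as follows. This is an added example, not code from Arcane Status; the function name `client_ip` and the `trusted_proxies` parameter are assumptions made for illustration, and all addresses are constructed samples.

```python
import ipaddress


def client_ip(peer_addr, xff_header, trusted_proxies=()):
    """Pick the address that login rate limiting should key on.

    peer_addr       -- IP of the direct TCP peer (cannot be set by a header)
    xff_header      -- raw X-Forwarded-For value, or None
    trusted_proxies -- CIDR strings for reverse proxies the operator has
                       explicitly configured (hypothetical setting); when
                       empty, the header is ignored entirely
    """
    nets = [ipaddress.ip_network(n, strict=False) for n in trusted_proxies]

    def trusted(addr):
        return any(addr in net for net in nets)

    peer = ipaddress.ip_address(peer_addr)
    # Secure default: the header only counts if the request really arrived
    # from a configured proxy. Anyone else can write whatever they like in it.
    if not xff_header or not trusted(peer):
        return str(peer)

    # Each proxy appends the address it saw, so the rightmost entries are the
    # ones written by our own infrastructure. Walk right to left and stop at
    # the first hop that is not one of our proxies: that is the real client.
    # Everything further left was supplied by the client and is ignored.
    current = peer
    for hop in reversed([h.strip() for h in xff_header.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed entry: keep the last address we could verify
        current = addr
        if not trusted(addr):
            break
    return str(current)


if __name__ == "__main__":
    # Constructed sample requests: (peer, X-Forwarded-For, configured proxies)
    samples = [
        ("203.0.113.9", "1.2.3.4", []),                         # no proxy set
        ("10.0.0.2", "1.2.3.4, 203.0.113.9", ["10.0.0.0/8"]),  # behind proxy
    ]
    for peer, xff, proxies in samples:
        print(peer, "|", xff, "->", client_ip(peer, xff, proxies))
```

    In both sample requests the forged `1.2.3.4` entry is discarded, so a per-IP login limit stays bound to `203.0.113.9`.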

    Stronger Session Security

    Password changes now provide better protection for existing sessions.

    What changed

    • Changing a password now invalidates previously issued login tokens.
    • Users that have been deleted or deactivated can no longer continue using existing tokens.
    • When changing your password, your current session is automatically refreshed so you stay signed in.

    This improves account security while avoiding unnecessary logouts for the user performing the password change.

    More Secure Initial Setup

    The setup process has been hardened to prevent rare race conditions during installation.

    What changed

    • Admin account creation during setup is now performed safely inside a transaction.
    • This prevents multiple administrators from accidentally being created at the same time during initial setup.

    Encryption Configuration Warnings

    Arcane Status now performs additional checks during startup.

    What changed

    • A warning is displayed if ENCRYPTION_KEY has not been configured.
    • A warning is also shown if ENCRYPTION_KEY is the same as JWT_SECRET.

    Using separate values for these settings is strongly recommended for better security.

    Summary

    Arcane Status v0.6.1 is a security-focused release that improves:

    • Account lockout protection
    • Login rate limiting
    • Session invalidation after password changes
    • Protection against deleted or disabled account access
    • Setup reliability
    • Encryption configuration awareness

    No user-facing changes have been introduced in this release.
