mirror of https://github.com/maziggy/bambuddy.git synced 2026-05-09 08:25:54 +02:00

[PR #225] [MERGED] v0.1.6.2 #967

Closed
opened 2026-05-07 00:15:14 +02:00 by BreizhHardware · 0 comments

📋 Pull Request Information

Original PR: https://github.com/maziggy/bambuddy/pull/225
Author: @maziggy
Created: 2/2/2026
Status: Merged
Merged: 2/2/2026
Merged by: @maziggy

Base: main ← Head: 0.1.6.2


📝 Commits (10+)

  • dce9c8b Fix filename matching for files with spaces (Issue #218)
  • 4dad18a Fixed CodeQL Alert #68: Stack trace exposure in archives.py
  • 234693a Fix external spool ams_mapping2 slot_id (Issue #213)
  • 57db793 Fix external spool ams_mapping2 slot_id (Issue #213)
  • f330f1c Housekeeping
  • c31f296 Fix critical security vulnerabilities (GHSA-gc24-px2r-5qmf)
  • 018a744 Location filter for queue and auth fixes (Issue #220)
  • e4e37fb Issue #224: File Manager Permissions
  • 0fa180a Bumped version
  • 49b2252 Updated CHANGELOG

📊 Changes

30 files changed (+1201 additions, -162 deletions)

View changed files

📝 .gitignore (+3 -0)
📝 CHANGELOG.md (+37 -0)
📝 README.md (+1 -1)
📝 backend/app/api/routes/library.py (+88 -17)
📝 backend/app/api/routes/print_queue.py (+2 -0)
📝 backend/app/api/routes/printers.py (+18 -0)
📝 backend/app/core/auth.py (+67 -1)
📝 backend/app/core/config.py (+1 -1)
📝 backend/app/core/database.py (+6 -0)
📝 backend/app/main.py (+153 -1)
📝 backend/app/models/print_queue.py (+3 -0)
📝 backend/app/schemas/print_queue.py (+3 -0)
📝 backend/app/services/print_scheduler.py (+13 -4)
📝 backend/tests/conftest.py (+2 -1)
📝 backend/tests/integration/test_auth_api.py (+85 -0)
📝 backend/tests/integration/test_library_api.py (+207 -0)
📝 backend/tests/integration/test_ownership_permissions.py (+8 -2)
📝 backend/tests/integration/test_print_queue_api.py (+213 -0)
📝 frontend/src/__tests__/mocks/handlers.ts (+1 -1)
📝 frontend/src/__tests__/setup.ts (+4 -9)

...and 10 more files

📄 Description

v0.1.6.2

Bambuddy v0.1.6.2 (Security Release)

Security Release: This release addresses critical security vulnerabilities. Users running authentication-enabled instances should upgrade immediately.

Security Fixes

  • Critical: Hardcoded JWT Secret Key (GHSA-gc24-px2r-5qmf, CWE-321)
    • Fixed hardcoded JWT secret that could allow token forgery
    • JWT secret now loaded from JWT_SECRET_KEY env var or auto-generated secure file
    • Action Required: Users will need to re-login after upgrading
  • Critical: Missing API Authentication (GHSA-gc24-px2r-5qmf, CWE-306)
    • Fixed 77+ API endpoints lacking authentication checks
    • All API routes now require valid JWT/API key when auth is enabled

Bug Fixes

  • File Manager permissions not enforced (#224)
  • External spool AMS mapping failures (#213)
  • Filename matching for files with spaces (#218)
  • P2S FTP upload failure (#218)
  • Printer deletion freeze (#214)
  • Stack trace exposure in error responses (CodeQL #68)
  • Printer serial numbers in support bundles (#216)
  • Missing sliced_for_model migration (#211)
  • JWT secret not persistent across restarts
  • Images/thumbnails returning 401 with auth enabled
  • Library thumbnails missing after restore
  • File uploads failing with auth enabled

Enhancements

  • Location filter for queue (#220)
  • Ownership-based permissions (#205)
  • User tracking for archives, library, queue (#206)
  • Separate AMS RFID permission (#204)
  • Schedule button on archive cards (#208)
  • Streaming overlay FPS config (#164)
  • Simplified backup/restore system

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
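
One way to implement the "JWT_SECRET_KEY env var or auto-generated secure file" loading named under Security Fixes, which also keeps the secret persistent across restarts. This is an added example, not Bambuddy's own code: the function name `load_jwt_secret`, the secret file path passed in, and the 32-character minimum are assumptions.

```python
import os
import secrets
import stat
import tempfile
from pathlib import Path

MIN_SECRET_LEN = 32  # assumption: refuse short values rather than sign tokens with them


def load_jwt_secret(secret_file: Path, env=os.environ) -> str:
    """Return the JWT signing secret: env var first, then file, else generate one."""
    value = env.get("JWT_SECRET_KEY", "").strip()
    if value:
        if len(value) < MIN_SECRET_LEN:
            raise ValueError("JWT_SECRET_KEY is too short")
        return value

    if secret_file.exists():
        # Group/other permission bits mean other local users could read the key.
        if stat.S_IMODE(secret_file.stat().st_mode) & 0o077:
            secret_file.chmod(0o600)
        stored = secret_file.read_text().strip()
        if len(stored) >= MIN_SECRET_LEN:
            return stored
        # Empty or truncated file: fall through and regenerate.

    secret = secrets.token_urlsafe(64)
    secret_file.parent.mkdir(parents=True, exist_ok=True)
    # mkstemp creates the file with mode 0600; renaming it into place means no
    # reader ever sees a partially written or world-readable secret.
    fd, tmp = tempfile.mkstemp(dir=secret_file.parent, prefix=".jwt-")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(secret)
        os.chmod(tmp, 0o600)
        os.replace(tmp, secret_file)
    except BaseException:
        if os.path.exists(tmp):
            os.unlink(tmp)
        raise
    return secret
```

Replacing a previously hardcoded secret with a generated one invalidates every token signed under the old key, which is why the release notes tell users to log in again.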
