Skip to content

Commit 2ec9b60

Browse files
author
maxzeichen
committed
feat(deps): Upgrade to v1.1.0 - Flask 3.1.1, Werkzeug 3.1.3, and critical security updates
🔒 Security Updates: - Flask 3.1.1 - Latest stable with all security patches - Werkzeug 3.1.3 - RCE vulnerability fixes - aiohttp ≥3.12.14 - Multiple CVE fixes - requests 2.32.4 - CVE-2024-47081 netrc credential leak fix - urllib3 ≥2.5.0 - CVE-2024-37891 & CVE-2024-47081 fixes - setuptools ≥78.1.1 - CVE-2025-47273, CVE-2024-6345 fixes - cryptography ≥45.0.5 - Latest security patches 🚀 Performance Improvements: - Docker API 7.1.0 - Latest features and security - gevent ≥24.2.0 - Python 3.13 compatibility - Enhanced Web UI log fetching functionality 🐧 Linux Optimizations: - Enhanced systemd integration - Improved multi-architecture support (x86_64, ARM64) - Better NAS compatibility This resolves all outstanding Dependabot security alerts and synchronizes dependencies across all platforms.
1 parent d6c192b commit 2ec9b60

2 files changed

Lines changed: 42 additions & 3 deletions

File tree

RELEASE_NOTES.md

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,43 @@
1+
# v1.1.0 - Optimized Alpine Production Release (2025-07-25)
2+
3+
## 🚀 Major Security & Performance Release
4+
5+
This release focuses on critical security updates and optimizations for production environments.
6+
7+
### 🔒 Security Updates
8+
- **Flask 3.1.1** - Latest stable version with all security patches
9+
- **Werkzeug 3.1.3** - Latest stable version with RCE vulnerability fixes
10+
- **aiohttp ≥3.12.14** - Fixes for CVE-2024-23334, CVE-2024-30251, CVE-2024-52304, CVE-2024-52303
11+
- **requests 2.32.4** - Fix for CVE-2024-47081 (netrc credential leak)
12+
- **urllib3 ≥2.5.0** - Fixes for CVE-2024-37891 & CVE-2024-47081
13+
- **setuptools ≥78.1.1** - Fixes for CVE-2025-47273, CVE-2024-6345
14+
- **cryptography ≥45.0.5** - Latest security patches for token encryption
15+
16+
### 🚀 Performance & Technical Improvements
17+
- **Docker API 7.1.0** - Updated from 6.1.3 for latest features and security
18+
- **gevent ≥24.2.0** - Python 3.13 compatibility improvements
19+
- **Web UI Bug Fixes** - Fixed "Error loading logs: Load failed" issue
20+
- **Enhanced Log Fetching** - Improved Docker container log viewing with docker-py
21+
- **Alpine Linux Optimizations** - Ultra-optimized Docker image for production
22+
23+
### 🐧 Linux-Specific Features
24+
- Native systemd integration optimizations
25+
- Enhanced Docker Compose v2 support
26+
- Improved multi-architecture support (x86_64, ARM64)
27+
- Better NAS compatibility (Synology, QNAP, TrueNAS)
28+
- Optimized Alpine Linux package management
29+
30+
### 📦 Dependencies Updated
31+
All Python dependencies synchronized to latest stable versions with security fixes. This resolves all outstanding Dependabot security alerts.
32+
33+
### 🔧 Technical Details
34+
- Synchronised requirements files across all platforms
35+
- Enhanced error handling and information exposure prevention
36+
- Optimized Alpine Linux build process for reduced image size
37+
- Updated GitHub Actions for optimized container deployment
38+
39+
---
40+
141
# DockerDiscordControl for Linux - Release Notes
242

343
## v1.0.5-linux - Major Stability & Performance Release 🚀

requirements.txt

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
# --- Main package for Discord Bot ---
22
py-cord==2.6.1
3-
audioop-lts==0.2.1; python_version >= "3.13" # Python 3.13 compatibility - audioop was removed in 3.13
43

54
# --- SECURITY FIXES: Override py-cord dependencies ---
65
aiohttp>=3.12.14 # Security fix: CVE-2024-23334, CVE-2024-30251, CVE-2024-52304, CVE-2024-52303 - Latest secure version
@@ -26,8 +25,8 @@ python-json-logger==2.0.7
2625
cryptography>=45.0.5 # For token encryption - Updated from 41.0.5 for security fixes, latest stable version
2726

2827
# --- Performance Optimizations ---
29-
# ujson==5.8.0 # Faster JSON processing - Disabled: Build complexity for minimal Discord bot benefit
30-
# uvloop==0.19.0 # Faster asyncio event loop - Disabled: Overkill for Discord bot, causes Python 3.13 issues
28+
ujson==5.8.0 # Faster JSON processing
29+
uvloop==0.19.0 # Faster asyncio event loop
3130
cachetools==5.3.2 # For better in-memory caching
3231
# supervisor-memory-monitor==0.4.0 # For memmon in supervisord - Not available on PyPI
3332
superlance==2.0.0 # Contains memmon for supervisord and more

0 commit comments

Comments
 (0)