This release includes 2 security fixes for security teams reviewing exposed deployments.
Summary
Defense-in-depth fixes close SQL injection and path traversal vulnerabilities.
Full changelog
Added
- quicklify snapshot create/list/delete: VPS snapshot management with cost estimates
- Maintain integration: automatic snapshot offer before maintenance (with cost estimate)
- sshKey.test.ts: dedicated tests for SSH key utilities (13 tests)
- Provider snapshot support for Hetzner, DigitalOcean, Vultr, and Linode
Fixed
- domain.ts: SQL escape for FQDN values (defense-in-depth against SQL injection)
- restore.ts: Path traversal protection with basename() for the --backup flag
- yamlConfig.ts: Expanded security key detection (6 → 21 patterns including password, credential, jwt, bearer, etc.)
Security Fixes
- domain.ts: SQL escape for FQDN values (defense-in-depth against SQL injection)
- restore.ts: Path traversal protection using basename() for the --backup flag
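As an added example (not code from kastell's restore.ts), the shape of the --backup hardening described above in TypeScript: the argument is reduced to its basename() so directory components such as ../ cannot escape the backup directory, and a containment check on the resolved path is layered on top. The backup directory, the file-name pattern and the function names are assumptions, not the project's own.

```typescript
import * as path from "node:path";

// Directory the restore command is allowed to read backups from (assumed value).
const BACKUP_DIR = "/var/backups/quicklify";

// Accepted backup file names (assumed convention): no leading dot, no separators.
const BACKUP_NAME = /^[A-Za-z0-9][A-Za-z0-9._-]*$/;

// Resolve the --backup argument to a file inside BACKUP_DIR.
// Without basename(), a value such as "../../etc/shadow" joined onto the
// backup directory would point outside it; basename() keeps only "shadow".
function resolveBackupPath(backupArg: string, backupDir: string = BACKUP_DIR): string {
  const name = path.basename(backupArg);
  if (name === "" || name === "." || name === "..") {
    throw new Error("--backup must name a backup file");
  }
  if (!BACKUP_NAME.test(name)) {
    throw new Error(`--backup has an unexpected name: ${name}`);
  }
  const resolved = path.resolve(backupDir, name);
  // Second layer: even after basename(), require the result to sit under backupDir.
  const root = path.resolve(backupDir) + path.sep;
  if (!resolved.startsWith(root)) {
    throw new Error("--backup resolves outside the backup directory");
  }
  return resolved;
}

// True when the argument would be rejected; handy for dry runs and tests.
function isRejectedBackupArg(backupArg: string): boolean {
  try {
    resolveBackupPath(backupArg);
    return false;
  } catch {
    return true;
  }
}
```

Note that basename() neutralises traversal rather than reporting it: "../../etc/shadow" becomes a lookup for "shadow" inside the backup directory, so log the original argument if you want to detect probing.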
About kastelldev/kastell
Server security auditing and hardening toolkit. 413 security checks across 29 categories (SSH, Firewall, Docker, TLS, HTTP Headers), CIS/PCI-DSS/HIPAA compliance mapping, 19-step production hardening, fleet management, and forensic evidence collection. Supports Hetzner, DigitalOcean, Vultr, and Linode. 13 MCP tools.