
kastelldev/kastell

v1.17.1 Security

This release includes 6 security fixes for security teams reviewing exposed deployments.

✓ No known CVEs patched
This release patches 6 known CVEs

Topics

automation cli coolify devops digitalocean docker dokploy hetzner linode mcp security-audit self-hosted server-management typescript vps vultr

Affected surfaces

auth rbac rce_ssrf deps

Summary

AI summary

Security hardening with 28 defence‑in‑depth fixes from a security audit.

Full changelog

v1.17.1 — Security Hardening

28 defence-in-depth fixes from a 5-skill security audit.

Security

  • sshExec type narrowing — accepts SshCommand only, 33 callers wrapped with raw()
  • SAFE_MODE typo-safe — accepts "yes"/"1"/"on", warns on unrecognized values
  • sanitizedEnv() expanded — 10 secret patterns (up from 4)
  • Rollback SHA256 integrity — checksum verified before restore script execution
  • MCP error sanitization — all 12 tool handlers route through sanitizeStderr
  • Path traversal guard — relPath allowlist regex in rollback
  • backupPath Zod regex — format validation prevents injection via tampered history
  • SHELL_METACHAR — added & to block && on fallback path
  • sedReplace path quoting — POSIX single-quote escape
  • DEBIAN_FRONTEND scope — both apt-get commands covered

Changed

  • scheduleManager: execSync replaced with spawnSync + DRY helper
  • encryption.ts: execSync replaced with spawnSync array args
  • Production deps: all 11 pinned to exact versions
  • isSafeMode() extracted to src/utils/safeMode.ts
  • Platform fallback: "coolify" changed to "bare" (least privileged)
  • cmd("") throws, timeoutMs=0 guard, ControlMaster 0o700
  • debugLog redaction, getServers() hardened, warnIfPermissionError helper

Full Changelog: https://github.com/kastelldev/kastell/compare/v1.17.0...v1.17.1

Security Fixes

  • Rollback SHA256 integrity check verifies checksum before executing restore script
  • MCP error sanitization routes all 12 tool handlers through sanitizeStderr
  • Path traversal guard added via relPath allowlist regex in rollback
  • backupPath validated with Zod regex to prevent injection via tampered history
  • SHELL_METACHAR now blocks "&" to stop && on fallback paths
  • sedReplace path quoting uses POSIX single‑quote escape
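
The rollback items above (relPath allowlist regex, SHA256 check before the restore script runs) can be pictured as one gate in front of the restore step. This is an added example, not kastell's code: the regex, function names, paths and sample script are assumptions made for illustration.

```typescript
import { createHash } from "node:crypto";

// Hypothetical allowlist (not kastell's actual regex): "/"-separated segments
// made only of letters, digits, ".", "_" and "-". No leading "/", no empty segment.
const REL_PATH_ALLOWED = /^[A-Za-z0-9._-]+(?:\/[A-Za-z0-9._-]+)*$/;

function isSafeRelPath(relPath: string): boolean {
  if (!REL_PATH_ALLOWED.test(relPath)) return false;
  // The character class permits dots, so "." and ".." segments are rejected explicitly.
  return relPath.split("/").every((seg) => seg !== "." && seg !== "..");
}

function sha256Hex(data: Buffer): string {
  return createHash("sha256").update(data).digest("hex");
}

type RollbackDecision = { ok: true } | { ok: false; reason: string };

// Gate to call before a restore script is run: path first, then content integrity.
function checkRollback(relPath: string, script: Buffer, recordedSha256: string): RollbackDecision {
  if (!isSafeRelPath(relPath)) {
    return { ok: false, reason: "relPath rejected by allowlist" };
  }
  // A malformed recorded checksum is treated as a failure, never as "nothing to verify".
  if (!/^[0-9a-f]{64}$/.test(recordedSha256)) {
    return { ok: false, reason: "recorded checksum is not a SHA256 hex digest" };
  }
  if (sha256Hex(script) !== recordedSha256) {
    return { ok: false, reason: "SHA256 mismatch" };
  }
  return { ok: true };
}

// Constructed sample data: a restore script and the checksum recorded at backup time.
const restoreScript = Buffer.from("#!/bin/sh\ncp -a sshd_config.bak /etc/ssh/sshd_config\n");
const recorded = sha256Hex(restoreScript);
const modified = Buffer.concat([restoreScript, Buffer.from("echo extra-line\n")]);

console.log(checkRollback("backups/2024-01-01/restore.sh", restoreScript, recorded));
console.log(checkRollback("../restore.sh", restoreScript, recorded));
console.log(checkRollback("backups/2024-01-01/restore.sh", modified, recorded));
```

The checksum comparison only helps if the recorded digest is stored where whoever can alter the script cannot also rewrite the digest.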


About kastelldev/kastell

Server security auditing and hardening toolkit. 413 security checks across 29 categories (SSH, Firewall, Docker, TLS, HTTP Headers), CIS/PCI-DSS/HIPAA compliance mapping, 19-step production hardening, fleet management, and forensic evidence collection. Supports Hetzner, DigitalOcean, Vultr, and Linode. 13 MCP tools.
