This release includes 2 security fixes for security teams reviewing exposed deployments.
Published 2mo
Virtualization
✓ No known CVEs patched
This release patches 2 known CVEs
Topics
av-rack
capacity-planning
dcim
drag-and-drop
self-hosted
netbox
network-infrastructure
nice-rack
rack
rack-diagram
rack-layout
self-host
server-rack
svelte
sysadmin
typescript
visualization
Summary
AI summary: Fix escape order in NetBox importer to prevent double-escaping and bump dependencies closing 7 CVEs.
Full changelog
Added
- Separate layout naming from rack naming — layouts and racks can now have independent names (#1005)
Fixed
- Device type auto-import integrates with command system for proper undo/redo (#1470)
- Batch auto-import with placement command for atomic undo/redo
- Context menu move up/down now checks collisions (#1462, PR #1504)
- Unique SVG pattern IDs per rack instance to prevent cross-rack rendering conflicts (#1466, PR #1505)
- Auto-detect IPv6 availability to prevent nginx startup failure (#1516, PR #1527)
- Show error/warning toasts for device import failures (#1391, PR #1506)
- Preserve slot_position and slot_width in YAML serialization (#1564, contributed by @lorenzowood)
- Guard preset shortcuts when custom-height input is focused in new-rack wizard (#1580, PR #1604)
- Double bay device selection (#1522, PR #1545)
- Storage resilience — use safeStorage for all web storage access (#1392, PR #1530)
- Make nginx DNS resolver configurable for Kubernetes (#1535, PR #1538)
Security
- Fix escape order in NetBox importer to prevent double-escaping, scope CodeQL to src (#1595, PR #1601)
- Bump hono to 4.12.14 and dompurify to 3.4.0, closing 7 CVEs (#1594, PR #1596)
Technical
- Decompose App.svelte and Rack.svelte into rendering and interaction layers (#1395, #1451)
- Extract drag-drop and context menu logic from Rack.svelte
- Centralise E2E CSS selectors into locators.ts (#1458)
- E2E test suite recovery — 58 failures resolved (#1508)
- Remove root npm package-lock.json (project uses bun) (#1603)
- Dependency updates: Svelte 5.55.5, Vite 8.0.10, marked 18.0.2, hono 4.12.14
Earlier breaking changes
- v26.5.0 Migrated from SemVer to CalVer versioning scheme