Rackula

v0.10.1 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 5d Virtualization

View tool

✓ No known CVEs patched

Read the diff → Tool health → What is this tool? →

This release patches 1 known CVE

Topics

av-rack capacity-planning dcim drag-and-drop self-hosted netbox

+10 more

network-infrastructure rack rack-diagram rack-layout self-host server-rack svelte sysadmin typescript visualization

Affected surfaces

deps

ReleasePort's take

Moderate signal

editorial:auto 5d

Release v0.10.1 removes Stryker mutation testing and patches CVE-2026-8723 in the qs dependency.

Why it matters: CVE‑2026‑8723 (severity unspecified) is addressed by removing the vulnerable Stryker component; projects using qs should upgrade to v0.10.1 immediately.

Summary

AI summary

CVE‑2026‑8723 fixed by removing Stryker mutation testing.

Changes in this release

Type	Severity	Summary	CVE
Security	Critical	Removes Stryker mutation testing and patches CVE-2026-8723 in qs dependency Removes Stryker mutation testing and patches CVE-2026-8723 in qs dependency Source: llm_adapter@2026-05-29 Confidence: high	—
Feature	Medium	Makes YAML the default save format for canvases Makes YAML the default save format for canvases Source: llm_adapter@2026-05-29 Confidence: high	—
Dependency
Dependency	Low	Documents NPM library feasibility and level‑of‑effort spike (dompurify, eslint-plugin-svelte, svelte, @lucide/svelte) Documents NPM library feasibility and level‑of‑effort spike (dompurify, eslint-plugin-svelte, svelte, @lucide/svelte) Source: llm_adapter@2026-05-29 Confidence: high	—
Dependency	Low	Adds regression E2E tests for mouse tap‑to‑place in mobile mode Adds regression E2E tests for mouse tap‑to‑place in mobile mode Source: llm_adapter@2026-05-29 Confidence: low	—
Dependency	Low	Scopes deploy‑dev.yml to only relevant paths in CI configuration Scopes deploy‑dev.yml to only relevant paths in CI configuration Source: llm_adapter@2026-05-29 Confidence: low	—
Bugfix
Bugfix	Medium	Enables mouse/pointer tap‑to‑place interaction in mobile mode for viewports ≤1024px Enables mouse/pointer tap‑to‑place interaction in mobile mode for viewports ≤1024px Source: llm_adapter@2026-05-29 Confidence: high	—
Bugfix	Medium	Ensures canvas fills the full window when viewed on mobile devices Ensures canvas fills the full window when viewed on mobile devices Source: llm_adapter@2026-05-29 Confidence: high	—
Bugfix	Medium	Updates end‑to‑end specs to reflect YAML as the default save format Updates end‑to‑end specs to reflect YAML as the default save format Source: llm_adapter@2026-05-29 Confidence: high	—
Bugfix	Medium	Verifies live frontend version only when no API is present in production Verifies live frontend version only when no API is present in production Source: llm_adapter@2026-05-29 Confidence: high	—
Bugfix	Medium	Resolves remaining E2E failures: Android long‑press context menu and starter‑library search issues Resolves remaining E2E failures: Android long‑press context menu and starter‑library search issues Source: llm_adapter@2026-05-29 Confidence: high	—
Bugfix	Low	Allows half-width devices to be independently selectable at the same U position Allows half-width devices to be independently selectable at the same U position Source: granite4.1:30b@2026-05-29-audit Confidence: low	—
Refactor	Low	Refits canvas on device orientation change in mobile mode Refits canvas on device orientation change in mobile mode Source: granite4.1:30b@2026-05-29-audit Confidence: low	—

Full changelog

Added

Make YAML the default save format (#619, PR #1754)
Refit canvas on device orientation change in mobile mode (PR #1751)

Fixed

Half-width devices independently selectable at same U position (#1680, PR #1773)
Enable mouse/pointer tap-to-place in mobile mode (≤1024px viewport) (#1757, PR #1760) - shoutout to @Jefferson-Butler1 for reporting this
Canvas fills full window in mobile mode (#1764, PR #1765)
E2E specs updated for YAML default save format (#1767, PR #1768)
Verify live frontend version only on no-API prod (#1770, PR #1771)
Remaining full-E2E failures — android long-press context menu + starter-library search (#1769, PR #1776)

Security

Remove Stryker mutation testing, fix CVE-2026-8723 (qs dependency) (#1774, PR #1775)

Technical

E2E regression tests for mouse tap-to-place in mobile mode (#1762, PR #1763)
NPM library feasibility & LOE spike documentation (#1758, PR #1761)
Scope deploy-dev.yml to relevant paths only (PR #1772)
Dependency bumps: dompurify, eslint-plugin-svelte, svelte, @lucide/svelte

<3 @ggfevans

Security Fixes

CVE-2026-8723 — removed Stryker mutation testing and patched vulnerable qs dependency (#1774, PR #1775)

View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track Rackula

Get notified when new releases ship.

About Rackula

Open-source drag-and-drop rack layout designer

All releases →

Related context

Related tools

Related CVEs

CVE-2026-8723 NVD KEV EPSS

Earlier breaking changes

v26.5.0 Migrated from SemVer to CalVer versioning scheme