Rackula

v0.9.4 Security

This release includes 2 security fixes relevant to security teams reviewing exposed deployments.

Published 2mo Virtualization
✓ No known CVEs patched
This release patches 2 known CVEs

Topics

av-rack capacity-planning dcim drag-and-drop self-hosted netbox
network-infrastructure nice-rack rack rack-diagram rack-layout self-host server-rack svelte sysadmin typescript visualization

Summary

AI summary

Fix escape order in NetBox importer to prevent double‑escaping and bump dependencies closing 7 CVEs.

Full changelog

Added

  • Separate layout naming from rack naming — layouts and racks can now have independent names (#1005)

Fixed

  • Device type auto-import integrates with command system for proper undo/redo (#1470)
  • Batch auto-import with placement command for atomic undo/redo
  • Context menu move up/down now checks collisions (#1462, PR #1504)
  • Unique SVG pattern IDs per rack instance to prevent cross-rack rendering conflicts (#1466, PR #1505)
  • Auto-detect IPv6 availability to prevent nginx startup failure (#1516, PR #1527)
  • Show error/warning toasts for device import failures (#1391, PR #1506)
  • Preserve slot_position and slot_width in YAML serialization (#1564, contributed by @lorenzowood)
  • Guard preset shortcuts when custom-height input is focused in new-rack wizard (#1580, PR #1604)
  • Double bay device selection (#1522, PR #1545)
  • Storage resilience — use safeStorage for all web storage access (#1392, PR #1530)
  • Make nginx DNS resolver configurable for Kubernetes (#1535, PR #1538)

Security

  • Fix escape order in NetBox importer to prevent double-escaping, scope CodeQL to src (#1595, PR #1601)
  • Bump hono to 4.12.14 and dompurify to 3.4.0, closing 7 CVEs (#1594, PR #1596)

Technical

  • Decompose App.svelte and Rack.svelte into rendering and interaction layers (#1395, #1451)
  • Extract drag-drop and context menu logic from Rack.svelte
  • Centralise E2E CSS selectors into locators.ts (#1458)
  • E2E test suite recovery — 58 failures resolved (#1508)
  • Remove root npm package-lock.json (project uses bun) (#1603)
  • Dependency updates: Svelte 5.55.5, Vite 8.0.10, marked 18.0.2, hono 4.12.14

About Rackula

Open-source drag-and-drop rack layout designer

Related context

Earlier breaking changes

  • v26.5.0 Migrated from SemVer to CalVer versioning scheme
