• admin released this 2026-03-27 10:06:38 -06:00 | 101 commits to main since this release

    Security + install pipeline hardening (97 commits)

    Large release consolidating a full security audit, install pipeline hardening, and infrastructure modernization.

    Themes:

    • Security audit (30+ findings across auth/IDOR/XSS/path traversal/infrastructure):

      • Security audit: fix 30 findings across auth, IDOR, XSS, path traversal, infrastructure (1bf19fff)
      • Security audit follow-up: httpOnly cookies, ticket reservations, MongoDB keyfile (b215cda0)
      • MONGO_ROOT_PASSWORD added to docs, config wizard, CCP, prod compose (82a66a97)
    • Install pipeline hardening:

      • Harden install pipeline: health checks, log rotation, backup timer (72873281)
      • Fix curl|bash install: redirect stdin from /dev/tty for interactive prompts (f2284a9c)
      • Replace custom code-server (9GB) with upstream LinuxServer image (~1GB) (0c634e10)
      • Remove hardcoded container names for multi-instance deployment support (3262d920)
      • Various fresh-install + upgrade edge-case fixes (63e05adc, c701f772, 44931260)
    • Pangolin:

      • Fix Pangolin setup: root domain support + disable SSO auth on resources (a56f8446)
    • Features:

      • Add guided tour, media enhancements, error handling, and DevOps improvements (39d74e7b)
      • Admin dashboard polish (204e90dd, abdfd50c)
    • Docs:

      • Update CLAUDE.md with consolidated architecture docs (e0fd4fd7)

    Upgrade notes: Recommended upgrade for any installation predating this release — includes security fixes. Review MONGO_ROOT_PASSWORD in your .env (may need to be added). Code-server image swap reduces disk footprint by ~8GB.
