Changelog

All notable changes to Repod are documented here.

The format follows Keep a Changelog. Repod uses Semantic Versioning.


[1.0.0] — 2026-05-12

First stable production release.

Security hardening

  • Docker socket removed — the backend no longer mounts /var/run/docker.sock. GPG signing operations now use a shared volume (/repos/gnupg), eliminating a container escape vector.
  • JWT secret validated at startup — the application refuses to start in production mode if JWT_SECRET_KEY is absent or still set to the default value.
  • Swagger UI disabled in production — /docs and /redoc return 404 when ENV=production; they are enabled automatically in development mode.
  • Reset tokens hashed — password reset tokens are stored as SHA-256 hashes only. The plaintext token is never persisted.
  • LDAP TLS enforced — certificate verification is enabled by default (verify_cert: true). A warning is logged if disabled.
  • Secrets masked in settings API — smtp_password and bind_password are returned as *** in GET /settings.
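Two of the hardening items above (the JWT secret check at startup and hashed reset tokens) are small enough to show end to end. The following is an added example written for this page, not Repod's own code: the default secret string, the 30-minute reset token lifetime and the in-memory store are assumptions standing in for the real configuration and database table.

```python
import hashlib
import secrets
import time
from typing import Dict, List, Optional, Tuple

# Assumed placeholder; the changelog does not say what Repod ships as the default.
DEFAULT_JWT_SECRET = "change-me"
RESET_TOKEN_TTL_SECONDS = 30 * 60  # assumed lifetime, not stated on the page


class ConfigError(RuntimeError):
    """Raised when a production deployment is misconfigured."""


def validate_jwt_secret(env: Dict[str, str]) -> str:
    """Return the JWT secret; in production refuse an absent or default value."""
    secret = env.get("JWT_SECRET_KEY")
    if env.get("ENV") == "production" and (not secret or secret == DEFAULT_JWT_SECRET):
        raise ConfigError(
            "JWT_SECRET_KEY is absent or still the default; refusing to start in production"
        )
    return secret or DEFAULT_JWT_SECRET


def startup_check_passes(env: Dict[str, str]) -> bool:
    """True if the application would start with this environment, False if it refuses."""
    try:
        validate_jwt_secret(env)
    except ConfigError:
        return False
    return True


def hash_token(token: str) -> str:
    """SHA-256 hex digest: the only form of a reset token that is ever written to storage."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class ResetTokenStore:
    """In-memory stand-in for the reset-token table. Rows hold digests only, never plaintext."""

    def __init__(self) -> None:
        self._rows: Dict[str, Tuple[int, float]] = {}  # digest -> (user_id, expires_at)

    def issue(self, user_id: int, now: Optional[float] = None) -> str:
        """Generate a 256-bit token, persist its digest, and hand the plaintext back exactly once."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._rows[hash_token(token)] = (user_id, now + RESET_TOKEN_TTL_SECONDS)
        return token

    def consume(self, token: str, now: Optional[float] = None) -> Optional[int]:
        """Single use: the row is deleted whether or not the token is still valid.

        Lookup is by digest, so a leaked table gives an attacker nothing to present:
        they would need a SHA-256 preimage of a 256-bit random value.
        """
        now = time.time() if now is None else now
        row = self._rows.pop(hash_token(token), None)
        if row is None:
            return None
        user_id, expires_at = row
        return user_id if now <= expires_at else None

    def persisted_values(self) -> List[str]:
        """What would land on disk: digests only."""
        return list(self._rows)
```

The startup check runs before any request is served, so a misconfigured production container fails fast instead of issuing tokens signed with a guessable key. The store shows the property the changelog promises: the plaintext token exists only in the response to the user, and verification works by hashing what the user presents and looking that digest up.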

Rate limiting

New rate limits applied to high-impact endpoints:

Endpoint              Limit
POST /upload/         20 / minute
POST /import/fetch    10 / minute
POST /import/batch     5 / minute
POST /import/sync      3 / minute
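To make the table concrete, here is an added example (not Repod's own middleware) of a per-client sliding-window limiter loaded with exactly those four limits. The clock is injectable so the behaviour at the window boundary can be checked offline; the client key, the 60-second window and the FakeClock helper are assumptions of this example.

```python
import time
from collections import defaultdict, deque
from typing import Callable, Deque, Dict, Tuple

# Limits from the changelog table, expressed as requests per 60-second window.
RATE_LIMITS: Dict[Tuple[str, str], int] = {
    ("POST", "/upload/"): 20,
    ("POST", "/import/fetch"): 10,
    ("POST", "/import/batch"): 5,
    ("POST", "/import/sync"): 3,
}
WINDOW_SECONDS = 60.0


class SlidingWindowLimiter:
    """Sliding-window limiter keyed by (client, method, path).

    Each key keeps the timestamps of its in-window hits; a request is allowed
    when fewer than `limit` hits remain inside the window.
    """

    def __init__(
        self,
        limits: Dict[Tuple[str, str], int] = RATE_LIMITS,
        window: float = WINDOW_SECONDS,
        clock: Callable[[], float] = time.monotonic,
    ) -> None:
        self.limits = limits
        self.window = window
        self.clock = clock
        self._hits: Dict[Tuple[str, str, str], Deque[float]] = defaultdict(deque)

    def allow(self, client: str, method: str, path: str) -> bool:
        limit = self.limits.get((method, path))
        if limit is None:
            return True  # endpoint is not rate limited
        now = self.clock()
        hits = self._hits[(client, method, path)]
        while hits and now - hits[0] >= self.window:
            hits.popleft()  # drop hits that have aged out of the window
        if len(hits) >= limit:
            return False
        hits.append(now)
        return True

    def retry_after(self, client: str, method: str, path: str) -> float:
        """Seconds until the oldest in-window hit expires; 0.0 if the client is not blocked."""
        limit = self.limits.get((method, path))
        hits = self._hits.get((client, method, path))
        if limit is None or not hits or len(hits) < limit:
            return 0.0
        return max(0.0, self.window - (self.clock() - hits[0]))


class FakeClock:
    """Manually advanced clock so the window boundary can be exercised deterministically."""

    def __init__(self, start: float = 0.0) -> None:
        self.t = start

    def __call__(self) -> float:
        return self.t

    def advance(self, seconds: float) -> None:
        self.t += seconds


def burst(limiter: SlidingWindowLimiter, client: str, method: str, path: str, n: int) -> Tuple[int, int]:
    """Fire n requests back to back and return (allowed, denied)."""
    allowed = sum(1 for _ in range(n) if limiter.allow(client, method, path))
    return allowed, n - allowed
```

In a FastAPI deployment the `client` key would normally be the source address after reverse-proxy header handling; a denied request should return 429 with a Retry-After header derived from `retry_after`. Because the state is per process, a two-worker production deployment sees each worker enforce the limit independently unless the counters are moved to shared storage.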

Audit trail

18 event types now logged to append-only JSONL files:

  • Authentication: LOGIN_SUCCESS, LOGIN_FAILURE (with source IP)
  • User management: USER_CREATE, USER_UPDATE, USER_DELETE
  • Passwords: PASSWORD_CHANGE, PASSWORD_RESET
  • Packages: UPLOAD, DELETE, PROMOTE, IMPORT, SYNC
  • Configuration: SETTINGS_CHANGE, GPG_GENERATE
  • Security: CVE_APPROVE, CVE_REJECT
  • Tokens: TOKEN_CREATE, TOKEN_REVOKE
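The list above is the complete set of 18 event types. As an added example (not Repod's own audit module), the following writer enforces that set, appends one JSON object per line, and includes a small detection helper showing why JSONL is a convenient format for review. The record layout, the temporary file used by the demo and the constructed sample events are assumptions of this example.

```python
import json
import tempfile
from collections import Counter
from datetime import datetime, timezone
from pathlib import Path
from typing import Dict, Iterable, Iterator, Optional

# The 18 event types listed in the 1.0.0 changelog.
AUDIT_EVENTS = frozenset({
    "LOGIN_SUCCESS", "LOGIN_FAILURE",
    "USER_CREATE", "USER_UPDATE", "USER_DELETE",
    "PASSWORD_CHANGE", "PASSWORD_RESET",
    "UPLOAD", "DELETE", "PROMOTE", "IMPORT", "SYNC",
    "SETTINGS_CHANGE", "GPG_GENERATE",
    "CVE_APPROVE", "CVE_REJECT",
    "TOKEN_CREATE", "TOKEN_REVOKE",
})


class AuditLog:
    """One JSON object per line. The file is only ever opened in append mode."""

    def __init__(self, path) -> None:
        self.path = Path(path)

    def record(self, event: str, actor: str, source_ip: Optional[str] = None, **details) -> dict:
        """Validate the event type, then append a single line. Returns the entry written."""
        if event not in AUDIT_EVENTS:
            raise ValueError(f"unknown audit event type: {event}")
        entry = {
            "ts": datetime.now(timezone.utc).isoformat(),  # assumed record layout
            "event": event,
            "actor": actor,
            "source_ip": source_ip,
            "details": details,
        }
        with self.path.open("a", encoding="utf-8") as fh:
            fh.write(json.dumps(entry, sort_keys=True) + "\n")
        return entry

    def entries(self) -> Iterator[dict]:
        """Read the log back; a line that fails to parse is skipped rather than aborting review."""
        if not self.path.exists():
            return
        with self.path.open("r", encoding="utf-8") as fh:
            for line in fh:
                line = line.strip()
                if not line:
                    continue
                try:
                    yield json.loads(line)
                except json.JSONDecodeError:
                    continue


def failed_logins_by_ip(entries: Iterable[dict]) -> Dict[str, int]:
    """Detection helper: LOGIN_FAILURE count per source IP, the starting point for lockout alerts."""
    return dict(Counter(e["source_ip"] for e in entries if e["event"] == "LOGIN_FAILURE"))


def run_demo() -> Dict[str, int]:
    """Write a few constructed events to a temporary file and return failed logins per IP."""
    with tempfile.TemporaryDirectory() as tmp:
        log = AuditLog(Path(tmp) / "audit.jsonl")
        # Constructed sample events; the addresses are documentation ranges.
        log.record("LOGIN_FAILURE", "alice", source_ip="203.0.113.10")
        log.record("LOGIN_FAILURE", "alice", source_ip="203.0.113.10")
        log.record("LOGIN_SUCCESS", "alice", source_ip="203.0.113.10")
        log.record("LOGIN_FAILURE", "bob", source_ip="198.51.100.7")
        log.record("UPLOAD", "alice", package="example_1.0_amd64.deb")
        return failed_logins_by_ip(log.entries())
```

Append-only here means the application never opens the file for writing except with `"a"`; file permissions and the backup retention policy, not this code, are what keep an attacker with shell access from editing history, so the audit directory should be owned by a user the web process cannot write to except through this path.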

HTTP security headers (frontend)

Added to Nginx frontend configuration:

  • Permissions-Policy: camera=(), microphone=(), geolocation=(), payment=()
  • Content-Security-Policy: default-src 'self'; ...
  • Cache-Control: public, immutable on static assets

Infrastructure

  • Production mode (ENV=production): 2 uvicorn workers, no hot-reload
  • Development mode (ENV=development): single worker, --reload, Swagger enabled
  • docker-compose.dev.yml clearly separated from production compose file
  • backup.sh — new backup script with SQLite WAL-safe copy, GPG keyring, audit logs, retention policy

Documentation

  • Bilingual documentation (English + French) covering installation, administration, API reference, security dossier, reverse proxy, and compliance
  • NIS2, SecNumCloud, and GDPR compliance mapping

[0.9.0] — 2026-03-01

Beta release — internal testing.

Added

  • SBOM export (CycloneDX 1.5, SPDX 2.3)
  • EPSS scoring and CISA KEV enrichment
  • CISO review queue for CVE-flagged packages
  • LDAP / Active Directory authentication with group-to-role mapping
  • API tokens for CI/CD pipelines
  • Package import from upstream APT sources (Ubuntu, Debian)
  • Batch import with streaming SSE progress
  • Grype CVE scanner integration
  • ClamAV antivirus integration
  • Download statistics and analytics

[0.5.0] — 2025-12-15

Alpha release.

Added

  • APT repository with Nginx serving
  • Package upload with format and SHA-256 validation
  • GPG signing
  • JWT authentication
  • Basic RBAC (admin, uploader, reader)
  • Web frontend (React)
  • FastAPI backend
  • Docker Compose deployment