Download Latest Version
v0.1.9 source code.tar.gz (1.6 MB)
Get an email when there's a new version of Status
| Name | Modified | Size | Downloads / Week |
|---|---|---|---|
| Parent folder | |||
| status-linux-x86_64-musl | 2026-04-10 | 18.2 MB | |
| status-linux-x86_64-musl.sha256 | 2026-04-10 | 91 Bytes | |
| README.md | 2026-04-10 | 2.1 kB | |
| v0.1.7 -- Security Hardening (OWASP Top 10) source code.tar.gz | 2026-04-10 | 1.5 MB | |
| v0.1.7 -- Security Hardening (OWASP Top 10) source code.zip | 2026-04-10 | 1.5 MB | |
| Totals: 5 Items | 21.2 MB | 1 | |
🔒 Security Release
This release addresses 6 Critical and 5 High severity findings from a comprehensive OWASP Top 10 audit.
Security Fixes
- No default credentials — login disabled until
STATUS_PANEL_USERNAME/PASSWORDare configured - Container & SSL routes require authentication —
/restart,/stop,/pause,/enable_ssl,/disable_ssl - AGENT_ID enforced — API endpoints reject requests when
AGENT_IDis unset - Secure session cookies —
HttpOnly; Secure; SameSite=Strict - Certbot injection prevented — email/domain values validated against shell metacharacters
- Daemon command validation — shell fallback now passes through
CommandValidator - Session TTL —
cleanup_expired()removes stale sessions - Localhost by default — server binds
127.0.0.1instead of0.0.0.0 - Logout invalidates session — server-side deletion + cookie cleared
- HTTPS-only self-update — HTTP URLs rejected; SHA256 always computed
- 12 automated OWASP security tests added
Added
status init— generates defaultconfig.jsonand.envtemplate on first run- Friendly error message when config is missing (replaces stack trace)
Fixed
- RUSTSEC-2026-0049 — upgraded
rustls-webpki0.103.8 → 0.103.10
Upgrade Guide
After upgrading, ensure these environment variables are set:
:::bash
STATUS_PANEL_USERNAME=your-username
STATUS_PANEL_PASSWORD=your-password
AGENT_ID=your-agent-id
Or run status init to generate a .env template.
Full changelog: https://github.com/trydirect/status/blob/master/CHANGELOG.md
What's Changed
- feat: add 'status init' command for first-run config generation by @vsilent in https://github.com/trydirect/status/pull/85
- OWASP-10 security fixes by @vsilent in https://github.com/trydirect/status/pull/86
- release: v0.1.7 — security hardening (OWASP Top 10) by @vsilent in https://github.com/trydirect/status/pull/87
Full Changelog: https://github.com/trydirect/status/compare/v0.1.6...v0.1.7
