Joined on 2026-04-12
Hartmut pushed to security/password-policy-blacklist at Hartmut/CapaKraken 2026-04-18 14:53:35 +02:00
cfce1f2a15 test(shared): narrow PasswordCheckResult before reading reason
Hartmut pushed to security/password-policy-blacklist at Hartmut/CapaKraken 2026-04-18 14:09:56 +02:00
e01074926e security: reject common/weak passwords on every set-password path (#31)
d9a7ec0338 test(application): bump exceljs row/column-limit test timeouts to 60s
Hartmut pushed to main at Hartmut/CapaKraken 2026-04-18 14:09:27 +02:00
d9a7ec0338 test(application): bump exceljs row/column-limit test timeouts to 60s
Hartmut created pull request Hartmut/CapaKraken#60 2026-04-18 14:03:15 +02:00
security: reject common/weak passwords on every set-password path (#31)
Hartmut pushed to security/password-policy-blacklist at Hartmut/CapaKraken 2026-04-18 14:02:59 +02:00
9ef7114c77 security: reject common/weak passwords on every set-password path (#31)
Hartmut created branch security/password-policy-blacklist in Hartmut/CapaKraken 2026-04-18 14:02:59 +02:00
Hartmut deleted branch security/zod-audit-51 from Hartmut/CapaKraken 2026-04-18 13:53:31 +02:00
Hartmut pushed to main at Hartmut/CapaKraken 2026-04-18 13:53:30 +02:00
17471af7f8 security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51, PR #59)
Hartmut closed issue Hartmut/CapaKraken#51 2026-04-18 13:53:29 +02:00
Security [MEDIUM]: Systematic Zod .max() audit — 202 unbounded z.string() sites
Hartmut merged pull request Hartmut/CapaKraken#59 2026-04-18 13:53:28 +02:00
security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51)
Hartmut created pull request Hartmut/CapaKraken#59 2026-04-18 13:31:37 +02:00
security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51)
Hartmut pushed to security/zod-audit-51 at Hartmut/CapaKraken 2026-04-18 13:31:25 +02:00
40ca0c3046 security: bound Zod inputs, add SSE per-user cap and tRPC body limit (#51)
Hartmut created branch security/zod-audit-51 in Hartmut/CapaKraken 2026-04-18 13:31:25 +02:00
Hartmut pushed to main at Hartmut/CapaKraken 2026-04-17 19:14:57 +02:00
f0251a654a ci: retrigger marker — rerun ci.yml for fe79810 (Build log was never persisted)
Hartmut pushed to main at Hartmut/CapaKraken 2026-04-17 18:47:25 +02:00
fe79810a85 security: MFA backup codes — issue on enable, redeem at login, regenerate on demand (#43)
Hartmut pushed to main at Hartmut/CapaKraken 2026-04-17 16:30:12 +02:00
9dc1ffd3ad fix(ci): unblock build + unit-tests on main (#109)
Hartmut pushed to main at Hartmut/CapaKraken 2026-04-17 16:12:10 +02:00
656c9329f7 Merge branch 'security/audit-2026-04-17'
c4b01c1bfc security: workbook path allowlist + stronger image polyglot validation (#54)
3392297791 security: await audit writes, add per-turn AssistantPrompt audit (#55)
01c45d0344 security: align client password policy with server, enforce AUTH_SECRET length + entropy (#56)
805bb0464f security(docker): remove hardcoded dev password, stop placeholder secrets leaking into migrator image (#50)
Hartmut closed issue Hartmut/CapaKraken#54 2026-04-17 15:27:07 +02:00
Security [MEDIUM]: Dispo workbook path unvalidated + image upload polyglot risk
Hartmut commented on issue Hartmut/CapaKraken#54 2026-04-17 15:27:03 +02:00
Security [MEDIUM]: Dispo workbook path unvalidated + image upload polyglot risk

Resolved in commit c4b01c1bfc41605009a33910e458e03c51a33155 on branch security/audit-2026-04-17.

What changed

Dispo workbook path allowlist

  • New DISPO_IMPORT_DIR env var (defaults to…
Hartmut pushed to security/audit-2026-04-17 at Hartmut/CapaKraken 2026-04-17 15:26:31 +02:00
c4b01c1bfc security: workbook path allowlist + stronger image polyglot validation (#54)