Fix review findings: offline assets, security, audit logging
- Bundle Bootstrap CSS/JS/icons locally for air-gapped operation - Add path traversal validation on image import source - Disable Flask debug mode in production - Fix file handle leaks, remove unused import - Add python3-pip, python3-venv, p7zip-full to offline packages - Add pip wheel download/bundling for offline Flask install - Change UFW default policy from allow to deny - Fix wrong path displayed in unattend editor template - Dynamic sidebar image lists from all_image_types - Add audit logging for all write operations - Audit log viewer page with activity history Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
cproudlock
3
.gitignore
vendored
3
.gitignore
vendored
@@ -25,6 +25,9 @@ offline-packages/
|
||||
# Boot tool binaries (built by prepare-boot-tools.sh)
|
||||
boot-tools/
|
||||
|
||||
# Python wheels for offline install (built by download-packages.sh)
|
||||
pip-wheels/
|
||||
|
||||
# Deployment images (imported via webapp or USB)
|
||||
geastandardpbr/
|
||||
|
||||
|
||||
Reference in New Issue
Block a user