WERM

WERM is a modern, all-in-one monetization platform built specifically for Minecraft servers. Think of it as a Tebex alternative—but with better features, lower fees, and a focus on the modern server owner experience.

WERM 1.0.1

Release, 3 months ago

Changelog

[1.0.1] - 2025-12-27

🔒 Security Hardening Release

This release focuses on comprehensive security improvements based on a full security audit.

Added

Security Features

  • Command Validator - New CommandValidator.java blocks dangerous commands (op, deop, ban, stop, reload, whitelist, etc.) from being executed via deliveries
  • Delivery Confirmation Queue - New DeliveryConfirmationQueue.java persists pending confirmations to survive server restarts
  • TLS 1.2+ Enforcement - All API connections now require TLS 1.2 or higher
  • Debug Log Redaction - Sensitive data (tokens, UUIDs, delivery IDs) automatically redacted in debug logs
  • Input Sanitization - Player names and UUIDs sanitized before command placeholder substitution
  • API Endpoint Validation - HTTPS requirement and domain whitelist enforcement
  • Verification Rate Limiting - 5-second cooldown between /werm verify attempts
  • IP Change Detection - Backend logs security events when tokens are used from new IPs
  • Configurable Fallback - Fallback endpoints now require explicit opt-in (disabled by default)
  • Auto-Discovery - Appwrite Project ID now auto-discovered from API /config endpoint

Admin Dashboard

  • Audit Logs Page - New page in admin dashboard to view security events

Changed

  • Removed hardcoded Appwrite Project ID from VerificationAPI.java
  • Improved error handling for SSL/TLS connections
  • Enhanced debug logging with automatic data redaction

Security Fixes

  • CVE-like Fixes:
    • Command injection via delivery commands (Critical)
    • Debug mode exposing sensitive tokens (High)
    • No rate limiting on verification attempts (Medium)
    • Delivery confirmation atomicity issues (Medium)
    • Player name injection in commands (Medium)
    • Hardcoded project ID (High)
    • SSL certificate validation (High)
    • Unconfigured fallback endpoints (Low)
    • No endpoint validation (Low)

Files Added

  • CommandValidator.java - Command blacklist and pattern validation
  • DeliveryConfirmationQueue.java - Persistent confirmation queue
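
The Command Validator and Input Sanitization items above, sketched as an added example; this is not WERM's CommandValidator.java. The {player} placeholder, the class name and the vanilla Java Edition name rule are assumptions, and the blocked set holds only the commands the changelog names.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Locale;
import java.util.Optional;
import java.util.Set;
import java.util.regex.Pattern;

// Added illustration, not the plugin's own code. "{player}" is an assumed placeholder.
public final class DeliveryCommandCheck {
    // Root commands the changelog names as blocked (its list ends in "etc.").
    private static final Set<String> BLOCKED = new HashSet<>(
            Arrays.asList("op", "deop", "ban", "stop", "reload", "whitelist"));
    // Assumption: vanilla Java Edition account names, 3-16 chars from [A-Za-z0-9_].
    private static final Pattern PLAYER_NAME = Pattern.compile("^[A-Za-z0-9_]{3,16}$");

    /** Returns the command to dispatch, or empty if the delivery must be rejected. */
    static Optional<String> prepare(String template, String playerName) {
        // 1. Validate the substituted value first, so it cannot add tokens or control characters.
        if (template == null || playerName == null
                || !PLAYER_NAME.matcher(playerName).matches()) {
            return Optional.empty();
        }
        String command = template.replace("{player}", playerName).trim();
        // 2. Reject control characters (newlines included) anywhere in the final command.
        if (command.chars().anyMatch(Character::isISOControl)) {
            return Optional.empty();
        }
        // 3. Normalise the root command before the lookup: drop leading slashes,
        //    lower-case it, and strip a namespace prefix such as "minecraft:".
        String root = command.replaceFirst("^/+", "").split("\\s+", 2)[0]
                .toLowerCase(Locale.ROOT);
        int colon = root.lastIndexOf(':');
        if (colon >= 0) {
            root = root.substring(colon + 1);
        }
        if (root.isEmpty() || BLOCKED.contains(root)) {
            return Optional.empty();
        }
        return Optional.of(command);
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        System.out.println(prepare("give {player} diamond 5", "Steve_01")); // ordinary reward
        System.out.println(prepare("minecraft:op {player}", "Steve_01"));   // namespaced root
        System.out.println(prepare("give {player} diamond 5", "x\nop x"));  // name with newline
    }
}
```

A denylist only covers the commands it lists; an allowlist of the reward commands a store actually uses is the stricter form of the same check.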

Files

WERM-1.0.1.jar (326.53 KiB)
Primary

Metadata

Release channel

Release

Version number

1.0.1

Loaders

Bukkit
Paper
Purpur
Spigot

Game versions

1.8–1.21.11

Downloads

5

Publication date

3 months ago
