v1.16.0 — Security Hardening & Premium Panel Polish
Security & Hardening
- Path traversal prevention — validate_output_path() added to all 157+ output_path and 100+ output_dir parameters across 43+ route files
- FFmpeg concat demux injection — Newline/carriage return stripping in filenames for concat operations
- SSRF prevention — LLM base_url validation blocks non-HTTP schemes
- Information disclosure — Error responses no longer leak raw exception messages
- Docker hardening — Non-root user added to container image
- Windows reserved names — validate_path() blocks CON, PRN, AUX, NUL, etc.
- Atomic file writes — Plugin marketplace manifest and scripting console history use tempfile + os.replace
- Sandbox escape prevention — Scripting console blocks __import__, exec, eval, compile, open, os, sys, subprocess in AST
- Plugin marketplace hardening — plugin_id validation, safe download-scheme validation, zip-slip blocking, archive-size/member-count limits
- User-data quarantine — Corrupt JSON user-data files are quarantined instead of silently lost
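
One way to implement the zip-slip and archive-size/member-count checks named in the plugin marketplace hardening item (an added example, not the project's own code; check_plugin_archive, make_zip and both limit values are assumptions):

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed limits for illustration; the release notes do not give the project's values.
MAX_MEMBERS = 500
MAX_TOTAL_BYTES = 50 * 1024 * 1024


def check_plugin_archive(data, max_members=MAX_MEMBERS, max_total=MAX_TOTAL_BYTES):
    """Validate a plugin zip held in memory; return member names or raise ValueError.

    Hypothetical helper: nothing is extracted until every member has passed.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if len(infos) > max_members:
            raise ValueError(f"{len(infos)} members exceeds limit of {max_members}")
        total, names = 0, []
        for info in infos:
            # Normalise Windows separators so "..\\x" is judged like "../x".
            name = info.filename.replace("\\", "/")
            parts = PurePosixPath(name).parts
            # Zip-slip: no empty names, absolute paths, drive letters or ".." parts.
            if not parts or name.startswith("/") or ".." in parts or ":" in parts[0]:
                raise ValueError(f"unsafe member path: {info.filename!r}")
            # file_size is the size declared in the archive; an extractor should
            # also count the bytes it actually writes and stop at the same limit.
            total += info.file_size
            if total > max_total:
                raise ValueError(f"declared size exceeds limit of {max_total} bytes")
            names.append(name)
        return names


def make_zip(members):
    """Build a constructed sample archive from a {name: bytes} mapping."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, body in members.items():
            zf.writestr(name, body)
    return buf.getvalue()


if __name__ == "__main__":
    good = make_zip({"plugin.json": b"{}", "lib/main.py": b"print('hi')\n"})
    print(check_plugin_archive(good))
    for bad in ({"../outside.py": b"x"}, {"C:/outside.py": b"x"}):
        try:
            check_plugin_archive(make_zip(bad))
        except ValueError as exc:
            print("rejected:", exc)
```
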
Panel UX Polish
- CEP panel — Calmer premium visual system, stronger typography hierarchy, improved editorial copy, better accessibility (skip links, aria-controls, tab semantics)
- UXP panel — Workspace overview with live values, unified clip-selection across tabs, keyboard accessibility improvements, premium guidance cards, richer result/search surfaces
- Shared shot context — One active clip carries across Cut, Captions, Audio, and Video tabs
Backend Improvements
- Structured JSON error handlers for malformed requests, 404s, 405s
- Job cancellation/history integrity fixes
- Queue dispatch reliability improvements
- Env-driven config overrides now flow into live job runtime
- Backward-compatible alias routes for dev scripting endpoints
- Engine preference clearing support ("auto" mode)
- Workflow route accepts both list and dict step payloads
Stats
- 1,152+ API routes | 7,551+ tests | 424 core modules | 88 blueprints
Full Changelog: v1.15.0...v1.16.0