ansible/flaskpaste
1
0
Fork 0
forked from claw/flaskpaste
Code Pull Requests Activity

docs: update task tracking after CI enhancement

Browse Source
This commit is contained in:
Username
2025-12-25 00:10:37 +01:00
parent 88da4fedbe
commit db9b45a9ad
3 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ROADMAP.md
View File

@@ -190,6 +190,7 @@ These features will not be implemented:
| 2024-12 | systemd service unit | Security-hardened deployment example | 2024-12 | systemd service unit | Security-hardened deployment example
| 2024-12 | Rate limit headers | X-RateLimit-* on 201/429 responses | 2024-12 | Rate limit headers | X-RateLimit-* on 201/429 responses
| 2024-12 | Pentest remediation complete | 15 security hardening items from formal review | 2024-12 | Pentest remediation complete | 15 security hardening items from formal review
| 2024-12 | Enhanced CI security | SBOM generation, dedicated security-tests job
## Review Schedule ## Review Schedule

1
TASKLIST.md
View File

@@ -28,6 +28,7 @@ Prioritized, actionable tasks. Each task is small and completable in one session
| Date | Task | Date | Task
|------------|-------------------------------------------------------------- |------------|--------------------------------------------------------------
| 2024-12 | Enhance CI with security-tests job, SBOM generation, memory checks
| 2024-12 | Complete pentest remediation (CRYPTO-001, TIMING-001) | 2024-12 | Complete pentest remediation (CRYPTO-001, TIMING-001)
| 2024-12 | Complete pentest remediation (HASH-001, ENUM-001) | 2024-12 | Complete pentest remediation (HASH-001, ENUM-001)
| 2024-12 | Complete pentest remediation (FLOOD-001, CLI-002, CLI-003, AUDIT-001) | 2024-12 | Complete pentest remediation (FLOOD-001, CLI-002, CLI-003, AUDIT-001)

1
TODO.md
View File

@@ -17,6 +17,7 @@ Unstructured intake buffer for ideas, issues, and observations. Items here are r
## Observations ## Observations
- CI enhanced: security-tests job, SBOM generation (CycloneDX), memory leak checks
- Comprehensive pentest plan completed (PENTEST_PLAN.md) - all remediations implemented - Comprehensive pentest plan completed (PENTEST_PLAN.md) - all remediations implemented
- PKI uses AES-256-GCM for CA private key encryption (PBKDF2 key derivation) - PKI uses AES-256-GCM for CA private key encryption (PBKDF2 key derivation)
- SHA1 fingerprints are X.509 standard, not security-relevant (usedforsecurity=False) - SHA1 fingerprints are X.509 standard, not security-relevant (usedforsecurity=False)