- Enhanced Notifications component tests to include support for Discord, Gotify, and Webhook provider types.
- Updated test cases to validate the correct handling of provider type options and ensure proper payload structure during creation, preview, and testing.
- Introduced new tests for Gotify token handling and ensured sensitive information is not exposed in the UI.
- Refactored existing tests for clarity and maintainability, including improved assertions and error handling.
- Added comprehensive coverage for payload validation scenarios, including malformed requests and security checks against SSRF and oversized payloads.
- Introduced optional keepalive settings: `keepalive_idle` and `keepalive_count` in the Server struct.
- Implemented UI controls for keepalive settings in System Settings, including validation and persistence.
- Added localization support for new keepalive fields in multiple languages.
- Created a manual test tracking plan for verifying keepalive controls and their behavior.
- Updated existing tests to cover new functionality and ensure proper validation of keepalive inputs.
- Ensured safe defaults and fallback behavior for missing or invalid keepalive values.
- Added tests to `proxyhost_service_validation_test.go` to validate fallback parsing and handle invalid hostname characters.
- Introduced new tests for DNS challenge validation in `proxyhost_service_validation_test.go`.
- Updated `current_spec.md` to reflect changes in testing strategy and coverage goals for PR #729.
- Enhanced `Security.functional.test.tsx` to include navigation test for Notifications button.
- Mocked `useNavigate` from `react-router-dom` to verify navigation behavior in Security page tests.
- Implement tests for feature flags coverage in `feature_flags_coverage_v2_test.go` to validate behavior with invalid persisted and environment values, as well as default settings.
- Create tests in `notification_provider_patch_coverage_test.go` to ensure correct handling of notification provider updates, including blocking type mutations for non-Discord providers.
- Add tests in `security_notifications_patch_coverage_test.go` to verify deprecated headers, handle invalid CIDR warnings, and ensure correct severity handling for security events.
- Introduce migration error handling tests in `routes_coverage_test.go` to ensure graceful handling of migration errors during registration.
- Enhance `cerberus_blockers_test.go` with tests for disabled security event notifications and error handling for dispatch failures.
- Update `router_test.go` to validate notify routing based on feature flags.
- Refactor `mail_service.go` to normalize base URLs for invites, ensuring proper handling of trailing slashes.
- Modify `notification_service_json_test.go` and `notification_service_test.go` to mock Discord validation and improve webhook testing.
- Update `proxyhost_service.go` to enhance hostname validation by parsing URLs.
- Refine `uptime_service.go` to extract ports correctly from URLs, including handling edge cases.
- Enhance frontend tests in `notifications.test.ts` and `Notifications.test.tsx` to ensure correct behavior for Discord notification providers and enforce type constraints.
- Added validation to reject non-discord provider types in create, update, test, and preview operations.
- Updated the notifications form to automatically normalize non-discord types to discord.
- Modified UI to display explicit messaging for deprecated and non-dispatch statuses for non-discord providers.
- Enhanced tests to cover new validation logic and UI changes for provider types.
- Refactored notification provider tests to use Discord webhook URLs.
- Updated frontend forms and API interactions to restrict provider type to Discord.
- Modified translations to reflect the change in supported provider types.
- Enhanced UI to indicate deprecated status for non-Discord providers.
- Adjusted documentation to align with the new provider structure.
- Introduced EnhancedSecurityNotificationService for provider-based notifications.
- Added migration logic from legacy notification configuration to managed providers.
- Updated NotificationConfig model to reflect API surface changes and maintain legacy fields.
- Enhanced Cerberus middleware to dispatch security events based on feature flags.
- Updated routes to utilize the new enhanced service and handle migration at startup.
- Added feature flag for security provider events to control behavior in production.
- Updated tests to cover new functionality and ensure compatibility with existing behavior.
This change hardens certificate handler test execution so repeated CI runs are deterministic and no longer fail intermittently under concurrent scheduling and race-mode pressure.
It was necessary because initialization timing and test setup ordering created nondeterministic behavior that produced sporadic failures in the backend test suite.
The result is a stable certificate list test path with explicit validation gates and reproducible test artifacts for auditing.
Known container vulnerability findings remain documented and are treated as an accepted exception for this hotfix scope, with remediation deferred to the dedicated security track.
- Removed unnecessary fields from logs where applicable to reduce clutter and focus on essential information.
- Ensured consistent logging practices to enhance security and prevent log injection vulnerabilities.
- Implement tests for BackupService to handle database extraction from backup archives with SHM and WAL entries.
- Add tests for BackupService to validate behavior when creating backups for non-SQLite databases and handling oversized database entries.
- Introduce tests for CrowdSec startup to ensure proper error handling during configuration creation.
- Enhance LogService tests to cover scenarios for skipping dot and empty directories and handling read directory errors.
- Add tests for SecurityHeadersService to ensure proper error handling during preset creation and updates.
- Update ProxyHostForm tests to include HSTS subdomains toggle and validation for port input handling.
- Enhance DNSProviders tests to validate manual challenge completion and error handling when no providers are available.
- Extend UsersPage tests to ensure fallback mechanisms for clipboard operations when the clipboard API fails.
- Implemented tests for `extractAuthCookieToken` to ensure it returns an empty string when the request is nil and ignores non-auth cookies.
- Added tests for `isAdminSecurityControlPlaneRequest` to verify it correctly uses the decoded raw path.
- Enhanced `NewRateLimitMiddleware` tests to check fallback behavior for non-positive window values and to ensure it bypasses rate limiting for control plane bearer requests.
- Implemented a function to create a valid SQLite database for testing in db_health_handler_test.go.
- Replaced dummy database file creation with a proper SQLite setup to ensure tests run against a valid database.
- Set CHARON_ENCRYPTION_KEY environment variable in dns_provider_service_test.go to prevent RotationService initialization warnings.
- Added detailed remediation plan for CI Codecov backend test failures, addressing encryption key requirements and database record not found errors.
- Added tests for transient SQLite errors in emergency_handler_test.go.
- Introduced validation tests for provider errors in notification_provider_handler_validation_test.go.
- Implemented helper tests for settings handling in settings_handler_helpers_test.go.
- Expanded backup_handler_test.go to include SQLite database setup and validation.
- Improved system_permissions_handler_test.go with additional path repair tests.
- Updated backup_service_test.go to ensure proper database handling and error checks during backup operations.
- Refined import_handler_test.go with additional session validation tests.
- Updated test scripts in package.json to set NODE_OPTIONS for increased memory limit.
- Added safety checks for remote servers and domains in ProxyHostForm component to prevent errors.
- Refactored Notifications tests to remove unnecessary use of fake timers and improve clarity.
- Updated ProxyHosts extra tests to specify button names for better accessibility.
- Enhanced Security functional tests by centralizing translation strings and improving mock implementations.
- Adjusted test setup to suppress specific console errors related to act() warnings.
- Modified vitest configuration to limit worker usage and prevent memory issues during testing.
