- Change 'changed' check from truthy string to explicit 'true' comparison
- GitHub Actions treats non-empty strings as truthy, causing step to run unexpectedly
- This was causing the workflow to attempt updating v0.3.0 release when it shouldn't
- Added custom manager in renovate.json to track Go dependencies patched in Dockerfile for Caddy CVE fixes.
- Updated Dockerfile to pre-fetch and override vulnerable module versions for dependencies (expr, quic-go, smallstep/certificates) during the build process.
- Improved build resilience by implementing a fallback mechanism for Caddy versioning.
- Introduced tests for user SMTP audit, covering invite token security, input validation, authorization, and SMTP config security.
- Enhanced user invite functionality with duplicate email protection and case-insensitive checks.
- Updated go.work.sum to include new dependencies and ensure compatibility.
- Implemented new CSS animations for UI elements including bobbing, pulsing, rotating, and spinning effects.
- Integrated loading overlays in CrowdSecConfig, Login, ProxyHosts, Security, and WafConfig pages to enhance user experience during asynchronous operations.
- Added contextual messages for loading states to inform users about ongoing processes.
- Created tests for Login and Security pages to ensure overlays function correctly during login attempts and security operations.
- Add unit tests for WAF ruleset selection priority and handler validation in config_waf_test.go.
- Enhance manager.go to sanitize ruleset names, preventing path traversal vulnerabilities.
- Introduce debug logging for WAF configuration state in manager.go to aid troubleshooting.
- Create integration tests to verify WAF handler presence and ruleset sanitization in manager_additional_test.go.
- Update coraza_integration.sh to include verification steps for WAF configuration and improved error handling.
- Document the Coraza WAF integration fix plan, detailing root cause analysis and implementation tasks.
Checkout v6.0.1 was released yesterday (Dec 2, 2025) and is causing CI
failures across all workflows. The v6 release requires minimum GitHub
Actions Runner v2.329.0 for Docker container scenarios and likely has
edge cases causing failures.
Downgrading to v4.2.2 (stable release from Oct 2024) to restore CI
stability. Can re-evaluate v6 after it matures.
Affects 16 checkout action references across 12 workflow files:
- quality-checks.yml
- waf-integration.yml
- docker-publish.yml
- codecov-upload.yml
- codeql.yml
- benchmark.yml
- docs.yml
- release-goreleaser.yml
- auto-versioning.yml
- docker-lint.yml
- auto-changelog.yml
- renovate.yml
