- Introduced tests for the security handler, covering UpdateConfig, GetConfig, ListDecisions, CreateDecision, UpsertRuleSet, DeleteRuleSet, Enable, and Disable functionalities.
- Added tests for user handler methods including GetSetupStatus, Setup, RegenerateAPIKey, GetProfile, and UpdateProfile, ensuring robust error handling and validation.
- Implemented path traversal and injection tests in the WAF configuration to prevent security vulnerabilities.
- Updated the manager to sanitize ruleset names by stripping potentially harmful characters and patterns.
- Implemented new CSS animations for UI elements including bobbing, pulsing, rotating, and spinning effects.
- Integrated loading overlays in CrowdSecConfig, Login, ProxyHosts, Security, and WafConfig pages to enhance user experience during asynchronous operations.
- Added contextual messages for loading states to inform users about ongoing processes.
- Created tests for Login and Security pages to ensure overlays function correctly during login attempts and security operations.
- Made Caddy admin API verification advisory (non-blocking warnings)
- Increased wait times for config reloads (10s WAF, 12s monitor mode)
- Fixed httpbin readiness check to use charon container tools
- Added local testing documentation in scripts/README.md
- Fixed issue where admin API stops during config reload
All tests now pass locally with proper error handling and graceful degradation.
- Remove -v $(pwd)/backend:/app/backend:ro mount
- Remove -v $(pwd)/frontend/dist:/app/frontend/dist:ro mount
- In CI, frontend/dist doesn't exist (built inside Docker image)
- Mounting non-existent dirs overrides built content with empty dirs
- Add conditional docker build (skip if image already exists)
- Preserves CI workflow's pre-built image
This was the root cause of WAF integration test failing in CI:
the volume mount was overriding /app/frontend/dist with an empty
directory, breaking the application.
- Map Caddy admin API port 2019 in docker run command
- Add readiness check for httpbin backend container
- Increase wait times after config changes (3s→5s, 5s→8s) for CI environment
- Add retry logic (3 attempts) for WAF block/monitor mode tests
Fixes WAF integration test failing in CI but passing locally.
- Add unit tests for WAF ruleset selection priority and handler validation in config_waf_test.go.
- Enhance manager.go to sanitize ruleset names, preventing path traversal vulnerabilities.
- Introduce debug logging for WAF configuration state in manager.go to aid troubleshooting.
- Create integration tests to verify WAF handler presence and ruleset sanitization in manager_additional_test.go.
- Update coraza_integration.sh to include verification steps for WAF configuration and improved error handling.
- Document the Coraza WAF integration fix plan, detailing root cause analysis and implementation tasks.
- Add ApplyConfig call in UpdateConfig handler after saving to DB
- This ensures WAF mode changes (block/monitor) regenerate rulesets
- Add nil guard for caddyManager in tests
- Use glob pattern for ruleset file inspection (integration-xss-*.conf)
- Increase wait time for monitor mode config application from 2s to 5s
- Aligns with manager.go hash-based filename generation
- Change test assertions from checking 'include' array to 'directives' string
- Fix advanced_config array case to use 'directives' instead of 'include'
- Calculate ruleset hash from final content (after SecRuleEngine prepend)
- Update filename pattern matching in tests for hashed filenames
- Ensures WAF mode changes result in different ruleset filenames
Checkout v6.0.1 was released yesterday (Dec 2, 2025) and is causing CI
failures across all workflows. The v6 release requires minimum GitHub
Actions Runner v2.329.0 for Docker container scenarios and likely has
edge cases causing failures.
Downgrading to v4.2.2 (stable release from Oct 2024) to restore CI
stability. Can re-evaluate v6 after it matures.
Affects 16 checkout action references across 12 workflow files:
- quality-checks.yml
- waf-integration.yml
- docker-publish.yml
- codecov-upload.yml
- codeql.yml
- benchmark.yml
- docs.yml
- release-goreleaser.yml
- auto-versioning.yml
- docker-lint.yml
- auto-changelog.yml
- renovate.yml
