mirror of
https://github.com/tiennm99/ccs.git
synced 2026-07-16 02:11:28 +00:00
- Fix X-Forwarded-For header spoofing in requireSensitiveLocalAccess (use socket-level address only) - Add model ID length validation (max 256 chars) in PUT /models/:provider - Add provider name validation (alphanumeric, max 64 chars) to prevent path traversal - Add stale entry eviction for unbounded quotaRateLimits Map (>1000 entries) - Fix concurrent refresh race in usage aggregator (wait for in-flight before forced refresh) - Sanitize internal URLs/paths from OAuth failure diagnostics - Add ValidationError class for denylist violations (distinct from system errors) - Make CLIProxy sync interval configurable via CCS_CLIPROXY_SYNC_INTERVAL env var - Improve legacy continuity config error logging (unconditional warn) - Add CACHE_VERSION history comments