MHSanaei d2dc589f14 fix(node): capture node cert via VerifyConnection for fingerprint fetch ...

FetchCertFingerprint read the leaf certificate from a bare insecure TLS
handshake, which CodeQL flagged as go/disabled-certificate-check. The
function intentionally accepts any cert (trust-on-first-use, so the admin
can pin a not-yet-trusted node), so verification cannot be enabled.

Capture the leaf cert inside a VerifyConnection callback instead, matching
the existing pattern in nodeHTTPClientFor that already clears the same
query. Behavior is unchanged.

2026-06-02 03:09:33 +02:00

..

controller

feat(nodes): add per-node TLS verification mode for self-signed certs (#4757)

2026-06-02 01:24:27 +02:00

entity

fix(settings): sync generated schemas

2026-05-31 19:00:26 +02:00

global

Feat/multi inbound clients (#4469)

2026-05-19 12:20:24 +02:00

job

fix(job): skip fail2ban IP limit when disabled (#4581)

2026-06-02 01:36:24 +02:00

locale

v3

2026-05-10 02:13:42 +02:00

middleware

feat: complete Zod migration of frontend + bulk client batching (#4599)

2026-05-27 04:26:50 +02:00

network

docs: add comments for all functions

2025-09-20 09:35:50 +02:00

runtime

feat(nodes): bulk panel self-update with live online indicator

2026-06-01 07:03:06 +02:00

service

fix(node): capture node cert via VerifyConnection for fingerprint fetch

2026-06-02 03:09:33 +02:00

session

Security hardening: sessions, SSRF, CSP nonce, CSRF logout, trusted proxies (#4275)

2026-05-13 12:52:52 +02:00

translation

feat(outbounds): pick dialerProxy from other outbound tags for proxy chaining

2026-06-02 01:52:38 +02:00

websocket

fix(websocket): order register/unregister via single ops channel

2026-05-19 12:34:53 +02:00

web.go

feat(frontend): TanStack Query + React Router migration & in-panel API docs (#4541)

2026-05-24 21:34:52 +02:00