CooperandGoodman/yolkbook
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Go-live hardening: server_tokens, resource limits, pinned images, CVE fixes

Browse Source 
- Add server_tokens off to nginx (suppress version leakage)
- Add deploy.resources.limits to all containers (db: 512M, api: 256M, nginx: 64M)
- Pin image tags: mysql:8.0 → 8.0.45, nginx:alpine → 1.29.6-alpine
- Fix CVEs: cryptography 43.0.3 → 46.0.5 (HIGH), python-jose 3.3.0 → 3.4.0 (CRITICAL)
- Add .limit(500) to GET /api/flock and GET /api/admin/users

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Derek Cooper
2026-03-20 00:16:28 -07:00
parent 59f9685e2b
commit 392a48dfb9
5 changed files with 23 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
backend/routers/admin.py
View File

@@ -18,7 +18,7 @@ def list_users(
_: User = Depends(get_current_admin),
db: Session = Depends(get_db),
):
return db.scalars(select(User).order_by(User.created_at)).all()
return db.scalars(select(User).order_by(User.created_at).limit(500)).all()
@router.post("/users", response_model=UserOut, status_code=201)