Key features implemented:
- Updated .gitignore to include additional cache and coverage directories (.mypy_cache/, .pytest_cache/, coverage/, htmlcov/)
- Enhanced XSS protection in pkg-manager plugin by adding HTML escaping for all user data in page rendering functions
- Improved PL injection security in plugin-loader with enhanced static source code analysis including base64 decoding checks and string concatenation bypass detection
- Strengthened configuration file loading security using ast.literal_eval for safe parsing and stricter code execution prevention
- Added comprehensive dangerous pattern checks in PL injection static analysis to prevent various bypass techniques

The updates focus on security hardening across the plugin system, particularly addressing input sanitization and code injection vulnerabilities while expanding the project's ignore patterns for better repository cleanliness.

Key features implemented:
- Updated .gitignore with cleaner Python and build artifact patterns
- Enhanced TcpHttpServer with improved exception handling for connection errors and better request parsing
- Added detailed error event emission for OSError and other exceptions in TCP server
- Improved plugin loader security with enhanced configuration file validation and error handling
- Added comprehensive logging for plugin loading and dependency injection processes
- Refined PL injection mechanism with stricter function name and route validation

The updates provide more robust error handling in the TCP server and strengthen security measures in the plugin loader while improving overall system stability.

Key features implemented:
- Updated package metadata and dependencies in PKG-INFO, setup files
- Added main.py entry point for backward compatibility with README launch method
- Enhanced CLI with config options, system info command, and proper signal handling
- Implemented minimal PluginManager loading only plugin-loader core plugin
- Refactored PluginLoader to follow minimal core design, removed sandbox/isolation complexity
- Updated auto-dependency plugin with safer PL injection mechanism and disabled pl_injection
- Removed legacy plugin files (firewall, frp_proxy, ftp_server, multi_lang_deploy, ops_toolbox, security_gateway) as functionality moved to core plugin system
- Improved .gitignore with comprehensive ignore patterns

The changes implement a minimal core framework design where only the plugin-loader is directly loaded by the core, with all other plugins managed through the PL injection mechanism, significantly simplifying the architecture.

- Add `website/` to .gitignore to exclude website build artifacts
- Add Node.js debug configurations for FutureOSS website in launch.json
- Update VSCode color theme to "Default Dark Modern"
- Refactor plugin loader to simplify dependency and lifecycle plugin loading logic