cqrenet/aoc
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 31 Wiki Activity
Files
79647d896249537eaf2275a6ca5a197325172b58
aoc/RELEASE_NOTES_v1.7.17.md
T
tomas.kracmar 79647d8962
Release / build-and-push (push) Successful in 1m49s
Details
CI / lint-and-test (push) Successful in 2m6s
Details
Release v1.7.17: Alpine.js CSP build, O365 API window clamping
2026-05-29 06:44:36 +02:00

1.4 KiB
Raw Blame History

AOC v1.7.17 Release Notes

Release Date: 2026-05-29

Security & Hardening

Alpine.js CSP Build

The frontend now loads the Alpine.js CSP build (@alpinejs/csp@3.15.12) instead of the standard distribution. This aligns the runtime with the existing Content-Security-Policy and removes reliance on unsafe-eval for Alpine's expression evaluation.

  • File: backend/frontend/index.html
  • Integrity hash: sha384-MKLWq9B+VC0W3U8kDIBEsSu8uCnQ1B0UQpRaB+F7uR5ocXFbymMUKuLRntu5LLdu

Ingestion Reliability

Office 365 Management Activity API Window Clamping

The unified audit log fetcher now respects the API's hard limits to prevent rejected requests during catch-up scenarios or stale watermarks:

  • Maximum query window: 24 hours (_API_MAX_WINDOW_HOURS)
  • Maximum lookback: 7 days (_API_MAX_LOOKBACK_DAYS)
  • When a persisted since watermark is older than either limit, the start time is clamped to the most recent allowable window. Subsequent fetches continue catching up normally.

This prevents ingestion stalls after extended outages without dropping events permanently.

Files Changed

File Change
backend/frontend/index.html Switched Alpine.js to CSP build with updated SRI hash
backend/sources/unified_audit.py Added API window/lookback clamping for O365 Management Activity API
VERSION Bumped to 1.7.17

Docker Image

git.cqre.net/cqrenet/aoc-backend:v1.7.17
Reference in New Issue View Git Blame Copy Permalink