# AOC v1.7.17 Release Notes

**Release Date:** 2026-05-29

## Security & Hardening
### Alpine.js CSP Build

The frontend now loads the **Alpine.js CSP build** (`@alpinejs/csp@3.15.12`) instead of the standard distribution. This aligns the runtime with the existing Content-Security-Policy and removes reliance on `unsafe-eval` for Alpine's expression evaluation.

- **File:** `backend/frontend/index.html`
- **Integrity hash:** `sha384-MKLWq9B+VC0W3U8kDIBEsSu8uCnQ1B0UQpRaB+F7uR5ocXFbymMUKuLRntu5LLdu`

## Ingestion Reliability
### Office 365 Management Activity API Window Clamping

The unified audit log fetcher now respects the API's hard limits, so requests are no longer rejected during catch-up or when the persisted watermark is stale:

- **Maximum query window:** 24 hours (`_API_MAX_WINDOW_HOURS`)
- **Maximum lookback:** 7 days (`_API_MAX_LOOKBACK_DAYS`)
- When a persisted `since` watermark is older than either limit, the start time is clamped to the most recent allowable window. Subsequent fetches continue catching up normally.

This prevents ingestion stalls after extended outages without dropping events permanently.
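One reading of the clamping described above, as an added example (not the code in `backend/sources/unified_audit.py`): only the two constant names come from these notes, while `next_window`, `catch_up` and the sample timestamps are hypothetical. It assumes the watermark advances to each window's end, and it reports how much time the lookback clamp skipped so that the gap can be logged.

```python
from datetime import datetime, timedelta, timezone

# Constant names are from the release notes; everything else is hypothetical.
_API_MAX_WINDOW_HOURS = 24
_API_MAX_LOOKBACK_DAYS = 7


def next_window(since, now):
    """Return (start, end, skipped) for the next fetch.

    start/end satisfy both limits; skipped is the span between the persisted
    watermark and the clamped start (zero when nothing was clamped).
    """
    if since.tzinfo is None or now.tzinfo is None:
        raise ValueError("timestamps must be timezone-aware (UTC)")
    oldest = now - timedelta(days=_API_MAX_LOOKBACK_DAYS)
    start = min(max(since, oldest), now)  # min() also guards a future watermark
    end = min(start + timedelta(hours=_API_MAX_WINDOW_HOURS), now)
    skipped = max(start - since, timedelta(0))
    return start, end, skipped


def catch_up(since, now):
    """List every window needed to reach `now`, advancing the watermark to
    each window's end, as repeated fetches would (assumed behaviour)."""
    windows = []
    while since < now:
        start, end, skipped = next_window(since, now)
        windows.append((start, end, skipped))
        since = end
    return windows


# Constructed sample: a watermark left 10 days stale by an outage.
NOW = datetime(2026, 5, 29, 12, 0, tzinfo=timezone.utc)
STALE = NOW - timedelta(days=10)

if __name__ == "__main__":
    for start, end, skipped in catch_up(STALE, NOW):
        note = f"  (not covered before start: {skipped})" if skipped else ""
        print(f"{start.isoformat()} -> {end.isoformat()}{note}")
```
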

## Files Changed

| File | Change |
|------|--------|
| `backend/frontend/index.html` | Switched Alpine.js to CSP build with updated SRI hash |
| `backend/sources/unified_audit.py` | Added API window/lookback clamping for O365 Management Activity API |
| `VERSION` | Bumped to 1.7.17 |

## Docker Image

```
git.cqre.net/cqrenet/aoc-backend:v1.7.17
```