NexaPG 0.1.8 - Critical Security Update - NexaPG - Nessi Gitea

nessi/NexaPG

0.1.8 cd91b20278

Compare
NexaPG 0.1.8 - Critical Security Update

All checks were successful

PostgreSQL Compatibility Matrix / PG14 smoke (push) Successful in 7s

Details

PostgreSQL Compatibility Matrix / PG15 smoke (push) Successful in 8s

Details

PostgreSQL Compatibility Matrix / PG16 smoke (push) Successful in 7s

Details

PostgreSQL Compatibility Matrix / PG17 smoke (push) Successful in 7s

Details

PostgreSQL Compatibility Matrix / PG18 smoke (push) Successful in 7s

Details

Docker Publish (Release) / Build and Push Docker Images (release) Successful in 1m27s

Details

Stable

nessi released this 2026-02-13 12:24:45 +00:00 | 21 commits to main since this release
Security

JWT Library Migration (CVE Reduction)
- Replaced python-jose[cryptography] with PyJWT for token handling.
- Removed direct ecdsa dependency from backend requirements.
- Updated JWT exception handling to jwt.InvalidTokenError in auth/validation paths.
Dependency Cleanup
- Removed packages no longer required after JWT migration:
  - python-jose
  - ecdsa
Implementation Notes
- JWT signing/verification behavior remains unchanged (same configured algorithm and secret).
- Existing access/refresh token flow and auth guards continue to work as before.
Notes
- No database migration required.
- Rebuild and republish backend image, then redeploy to apply dependency/security changes.
Downloads
- Source Code (ZIP)
- Source Code (TAR.GZ)