DashLink - Releases


Nextcloud 32

DashLink 1.1.0
Release Details
Updated: Dec. 29, 2025, 10:16 a.m.
Changelog

Added

  • SecurityService: Centralized security validation and sanitization service
      • URL validation with protocol restrictions
      • Download URL validation with SSRF protection
      • Text sanitization for XSS prevention
      • Filename validation for path traversal prevention
      • Integer range validation
      • Target and group ID validation
  • RateLimitService: Distributed caching-based rate limiting
      • Configurable per-action rate limits
      • User-specific rate limiting
      • Automatic expiration handling

Changed

  • IconService: Updated to use SecurityService for all validations
      • Icon download now validates URLs before fetching
      • Icon filenames validated on retrieval
      • SVG files sanitized during upload
      • MIME type validation added to prevent spoofing
  • LinkService: Updated to use SecurityService for input validation
      • All create/update operations validate and sanitize inputs
      • URL validation blocks dangerous protocols
      • Text inputs sanitized to prevent XSS
  • SettingsService: Updated to sanitize widget title
      • Widget title sanitized with length limit
      • HTML tags stripped, special characters encoded
  • LinkController: Enhanced with rate limiting and validation
      • Import endpoint rate-limited (5/hour)
      • File size limits enforced (1MB for imports)
      • JSON depth limits (10 levels)
      • Link count limits (100 per import)
  • Dependencies: Added enshrined/svg-sanitize (^0.19) for SVG sanitization

Fixed

  • Icon Upload/Management:
      • Icon preview now appears immediately after selecting a file, without needing to save first
      • Delete icon button improved with perfect circular shape (proper circle instead of ellipse)
      • Delete button hover effect changed to darker red with subtle glow instead of black border
  • 3D Card Flip Effect:
      • Fixed card flip animation to rotate the entire card including shadow as a single unit, creating a more realistic 3D effect
      • Eliminated white background flash during flip transition - now shows widget background seamlessly
      • Fixed Firefox browser issue where front content was incorrectly visible on the back during flip

Technical Details

  • Improved security rating from C+ (69/100) to A (90+)
  • All critical and high-priority vulnerabilities resolved
  • OWASP Top 10 compliance achieved
  • Nextcloud security guidelines followed
  • CSRF protection verified (correctly implemented)

Licenses: AGPLv3+
Signature digest: sha512

Dependencies

  • Required Nextcloud versions: >=31.0.0,<33.0.0
  • Minimum integer bits: 32
