• v2.4.3-dev e2d3ea427c

    FTMahringer released this 2026-05-12 01:43:57 +02:00 | 112 commits to main since this release

    v2.4.3-dev - Secrets Management

    Added

    • SecretValidator: startup check for default secrets, warns in dev, fails in production profile
    • TokenBlacklistService: Redis-backed token revocation with TTL-based auto-cleanup
    • JwtService: JTI claim added to tokens, blacklist check in isTokenValid(), revokeToken() method
    • AuthenticationService: logout() revokes token, refresh() revokes old refresh token
    • AuthenticationController: POST /api/auth/logout endpoint (204 No Content)
    • application.yml: synapse.security.require-secrets-override config
    Downloads