AWS Graph Explorer v3.0.1 Security Hardening and HTTPS Fallback Bug Fix

Vulnerability Overview This web screenshot displays the release notes for the project, version 3.0.1. This release primarily focuses on improving error handling, refactoring the proxy server to enhance testability, and strengthening application protection mechanisms. Impact Scope Error Handling: The error details dialog now displays status codes, response bodies, and cause chains to facilitate problem diagnosis without logs. Invalid proxy requests now return 400 errors instead of opaque 500 errors. Connection failures and CORS mismatches now surface the target error messages. Tools and Documentation: The Vite 8 upgrade reduced build times by 60% and bundle sizes by 5%. Documentation was reorganized into Guides and References, and the README was updated. Application Hardening: Stricter default CORS settings, supply chain hardening, automated vulnerability scanning, least-privilege CI permissions, and new security policies for reporting vulnerabilities. Proxy Server: Previously untestable portions of the proxy server now have 170+ tests (up from 56), making future changes safer and more reliable. Fix Solution HTTPS Configuration: Fixed a bug where the Docker entrypoint ignored custom configuration directory paths, potentially causing HTTPS settings to be silently skipped. Previously, when HTTPS was enabled but certificate generation or discovery failed, the server would silently fall back to HTTP rather than reporting the issue. The server now exits and displays a clear error in this scenario. If you were inadvertently relying on this fallback behavior, ensure you check certificates before upgrading or before explicitly disabling HTTPS. Other Fixes: - Updated dependencies and removed the obsolete override. - Cleaned up Docker images and added Trivy scanning to CI. - Disabled schema sync queries when no connections exist. - Added documentation for and . - Updated dependencies to the latest compatible versions. - Decoupled proxy server startup from module-level side effects. - Added tests for and fixed POSIX compliance. - Updated to the latest version. - Extracted the proxy server into a testable module. - Extracted SSL certificate logic into a testable script. - Validated the graph database connection URL against the Zod schema. - Implemented fast failure when HTTPS is requested but the certificate is missing. - Improved error details with richer diagnostic information. - Added security policies and audit workflows. - Removed the component. - Improved error details and handling of proxy connection errors. - Updated Vite to version 8. - Hardened supply chain security settings. - Improved default CORS and upstream header forwarding. POC Code or Exploit Code No specific POC code or exploit code is included in the page. Summary This release primarily improves error handling, strengthens application protection mechanisms, and fixes a bug in the HTTPS configuration. These improvements enhance the stability and security of the system.

Goal Reached Thanks to every supporter — we hit 100%!

AWS Graph Explorer v3.0.1 Security Hardening and HTTPS Fallback Bug Fix

More from this source