SummitPSA 0.3.0 — Security hardening
SummitPSA 0.3.0 is a security-hardening release. It strengthens how the application runs, how it protects your data at rest, and how updates reach your install — and it reflects a comprehensive security audit, carried out with the rigor of an external review, whose findings have been addressed. Almost all of this is invisible in day-to-day use. The one item some operators need to act on is called out below.
What’s now protected
- A hardened runtime. SummitPSA now runs as a locked-down, unprivileged service — a read-only application filesystem with system privileges dropped — so that an unexpected fault is tightly contained rather than able to spread.
- Secrets encrypted at rest. Sensitive settings such as integration keys, notification webhooks, and your license key are now encrypted in the database instead of stored in the clear.
- Verified, signed update delivery. Updates are pinned and delivered by cryptographic digest over an authenticated channel, so your install only ever runs the exact, unmodified release we published.
- Hardened input handling and output sanitization across the application, reducing the risk that untrusted content can affect a page or another user.
- Tightened transport security — modern TLS only, a strict security-header set, and rate-limiting on sensitive endpoints.
Action needed — self-hosted proxy operators
If SummitPSA runs behind your own reverse proxy, 0.3.0 is the release to confirm that proxy forwards two request headers. Several of the protections above now depend on them:
X-Real-IP— the real client IP. Rate-limiting, account lockout, and audit logs all key on it; without it, every visitor looks like your proxy and those features misfire.X-Forwarded-Proto: https— tells SummitPSA the original request was secure, so it applies HSTS and the full security-header set.
Copy-and-paste nginx and Caddy configurations are in the Reverse-proxy reference (docs/reverse-proxy.md) shipped with your install. Managed and hosted customers need do nothing — we operate the proxy for you, and this is already in place.
Upgrading
0.3.0 is a standard, non-breaking upgrade. Database changes are additive and run automatically on first boot, and the in-app updater installs the release by its verified digest. Follow your normal upgrade steps, and keep your previous version available as a rollback, as always.
Still on our list
A small number of low-severity, non-exploitable advisories in bundled third-party components are tracked for an upcoming framework-update release. None are known to affect SummitPSA in normal operation; we are folding them into that planned update rather than shipping a rushed dependency change.
Questions about your upgrade or your proxy configuration? Reach out through your usual SummitPSA support channel — we’re happy to help.