- Kill PTY and notify client after 30 min of inactivity (IDLE_TIMEOUT_MS)
- Buffer client messages during async auth/IP fetch to prevent race-condition
message loss on fast reconnects
- Replay last sent command after transient reconnect so PTY respawns without
user interaction
- Preserve scrollback on disconnect/reconnect; write visible timestamp markers
instead of wiping term state
- Handle idle-timeout sentinel on client with user-facing error message
Proxies (Cloudflare, nginx) drop idle WebSocket connections before the
application notices, leaving clients typing into dead sockets.
- Add server-side ping/pong heartbeat (30s) in terminal-server.js;
terminate unresponsive clients instead of letting connections go stale
- Move client keepAlive interval start to the connect event so it
restarts correctly after reconnects
- Remove hidden-tab keepalive short-circuit — server pings now own
liveness; suppressing client pings while hidden masked proxy drops
- Fix clearAllTimers to use clearTimeout for one-shot timers
- On visibility resume, probe with a 5s timeout instead of the default
35s so half-open sockets are detected quickly
- Bump coolify-realtime to 1.0.14 across all compose files
Add wheel, touch, and keyboard event handlers to log containers in
deployment and get-logs views. Auto-follow disables when user scrolls
up; re-enables when user scrolls back to bottom (within 10px threshold).
Dockerfile buildpack was passing --network {custom_network_name} to
docker build, but BuildKit only supports host, none, and default.
Every other buildpack already uses --network host with --add-host
flags. Aligned the Dockerfile path to match.
Fixes#9804
Replace the flat character-class regex for SHELL_SAFE_COMMAND_PATTERN with
a token-aware alternation. The parser now recognizes explicit tokens
(`&&`, `||`, balanced single/double quotes, whitespace, and an unquoted
safe-char run) instead of a bag of characters, which lets us extend the
accepted grammar without loosening the guarantees.
New surface area, with tests:
- logical OR chaining (`make build || make clean`)
- shell globs and bang (`rm *.tmp`, `cp src/?.js dist/`, `! grep -q foo`)
- single-quoted arguments are now treated as balanced runs rather than
rejected per-character
Preserved surface area:
- && chaining, balanced "..." and '...' quotes, the previous safe path /
argument characters, and the existing error-path contract in
ApplicationDeploymentJob::validateShellSafeCommand().
Also refreshes the user-facing validation messages in General.php so the
allow/deny list shown on failure matches the new grammar.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
Apply escapeshellarg() to the Postgres username before interpolating it
into the chown command used to fix SSL certificate ownership, matching
the handling already in place for StartMysql. This keeps the sink-side
escaping consistent across database actions, independent of upstream
input validation.
Also adjusts an assertion in DatabaseSslCredentialEscapingTest to match
the actual double-escaped output of executeInDocker, and adds Postgres
regression cases for subshell and semicolon payloads.
Validate new init-script filenames against path traversal and shell
metacharacters via a new validateFilenameSafe() helper, and harden the
write/delete paths with basename() + escapeshellarg() so legacy rows
still deploy and can be cleaned up without regressions.
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
