Version 1.4.0 includes comprehensive security measures:

• ✅ API key authentication required
• ✅ Path traversal attacks blocked
• ✅ All inputs validated
• ✅ Security headers enabled
• ✅ CORS restricted
• ✅ Dependencies updated
• ✅ Error messages sanitized

Your API key is like a password - keep it private!

Docker → Container icon → Logs → Look for:

Generated temporary key: xxxxx

openssl rand -base64 32

Add to container's API_KEY environment variable.

1. Never share your API key
2. Don't expose port 8889 to internet - Local network only
3. Use VPN for remote access
4. Update container regularly
5. Check logs periodically

"401 Unauthorized"

• API key missing or wrong
• Check Docker logs for key

Lost API Key

1. Check Docker logs first
2. Or: Stop → Clear API_KEY → Start → New key in logs

Do NOT open public GitHub issues!

Email maintainer directly or create private security advisory on GitHub.

• API key saved securely
• FLASK_DEBUG is false
• Not exposed to internet
• Container updated
• Logs monitored

For more details, see CHANGELOG.md