@alokemajumder (Collaborator) commented Dec 7, 2025

Summary

Complete rebrand from ffmpeg-api to Rendiff with security fixes, stability improvements, and comprehensive documentation.

Rebrand Changes

  • Renamed project from ffmpeg-api to rendiff-dev
  • Updated all container names: ffmpeg_* → rendiff_*
  • Updated network: ffmpeg-net → rendiff-net
  • Updated database: ffmpeg_api → rendiff, user: ffmpeg_user → rendiff_user
  • Added proper FFmpeg acknowledgment in README and docs
  • Updated all repo URLs to rendiffdev/rendiff-dev

Security Fixes

  • Fix SSRF protection with proper CIDR range checking (ipaddress module)
  • Now blocks 172.16.0.0/12 (not all 172.x), IPv6 loopback, link-local, carrier-grade NAT
  • Block internal hostnames (.local, .internal)

Stability Fixes

  • Fix webhook delivery in error handlers (missing asyncio.run())
  • Fix Docker compose container_name vs replicas conflict
  • Add cached storage config to avoid blocking I/O in async context

Configuration Improvements

  • Add MAX_OPERATIONS_PER_JOB setting (consolidated from hardcoded values)
  • Update default credentials to obvious dev-only values with warnings

Documentation

  • Add comprehensive developer docs (docs/developer/)
    • Architecture, Development Setup, Contributing, API Internals
  • Add user manual (docs/user-manual/)
    • Getting Started, API Reference, Configuration, Troubleshooting
  • Add main docs index (docs/README.md)

Files Changed

  • 33 files modified
  • 4,747 lines added, 183 lines removed
  • 11 new documentation files

Test Plan

  • Docker compose validates: docker compose config
  • Python syntax validates for all modified files
  • Verify webhook blocking with private IPs
  • Verify operation limits are enforced
  • Test container startup with new names

Security Fixes:
- Fix SSRF protection with proper CIDR range checking (ipaddress module)
- Now blocks 172.16.0.0/12, IPv6 loopback, link-local, carrier-grade NAT
- Block internal hostnames (.local, .internal)

Stability Fixes:
- Fix Docker container_name vs replicas conflict in compose.yml
- Fix async webhook calls missing asyncio.run() in error handlers
- Fix synchronous file I/O in async context (cached storage config)

Configuration Improvements:
- Add MAX_OPERATIONS_PER_JOB setting (consolidated from hardcoded values)
- Update default credentials to clearly dev-only values
- Add warning comments about development-only defaults

Documentation:
- Add comprehensive developer documentation (docs/developer/)
- Add user manual documentation (docs/user-manual/)
- Update project branding to Rendiff with FFmpeg acknowledgment

@alokemajumder merged commit 506a4d8 into main Dec 7, 2025
2 of 3 checks passed
@gensecai-dev deleted the CriticalFixes branch December 7, 2025 18:00
@alokemajumder changed the title from "Security and Stability Improvements" to "Rendiff: Complete Rebrand, Security Fixes, and Documentation" Dec 7, 2025
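
The CIDR-based webhook check described under Security Fixes, as an added example that is not code from this pull request or the Rendiff repository. The function names, the prefix-matching `naive_is_blocked`, the extra RFC 1918, IPv4 loopback and `localhost` entries, and the sample URLs are assumptions constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Ranges named in the PR description, plus the other RFC 1918 blocks and IPv4 loopback.
BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918 private
    "127.0.0.0/8", "::1/128",                          # loopback
    "169.254.0.0/16", "fe80::/10",                     # link-local
    "100.64.0.0/10",                                   # carrier-grade NAT
)]
BLOCKED_SUFFIXES = (".local", ".internal")


def naive_is_blocked(host: str) -> bool:
    """String-prefix check (constructed): blocks all 172.x, misses CGNAT and IPv6."""
    return host.startswith(("10.", "172.", "192.168.", "127."))


def is_blocked_host(host: str) -> bool:
    """CIDR-based check for a literal IP address or an internal hostname."""
    host = host.strip("[]").rstrip(".").lower()
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: apply the hostname rules ("localhost" is added here).
        return host == "localhost" or host.endswith(BLOCKED_SUFFIXES)
    # Unwrap IPv4-mapped IPv6 (::ffff:a.b.c.d) so it is tested against the IPv4 ranges.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr in net for net in BLOCKED_NETWORKS)


def is_webhook_url_allowed(url: str) -> bool:
    """Allow only http(s) URLs whose host is not in a blocked range or suffix."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    return not is_blocked_host(parts.hostname)


if __name__ == "__main__":
    # Constructed sample URLs: 172.32.0.1 is public, 172.16.5.4 is private.
    for url in ("http://172.32.0.1/hook", "http://172.16.5.4/hook", "http://[::1]/"):
        print(url, "allowed" if is_webhook_url_allowed(url) else "blocked")
```

This checks literal addresses and hostname suffixes only; a hostname that passes still needs the same network check applied to the address it resolves to.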