Releases: hexawulf/KeyJolt
KeyJolt v1.0.1-secure – Hardened Security & Cleanup Release
✅ Overview
This release focuses on comprehensive cleanup, security hardening, and production readiness for the KeyJolt Spring Boot web application. It includes improved header policies, a sanitized config template, and updated build hygiene for secure deployment on self-hosted environments.
🔒 Security Enhancements
✅ Added HTTP security headers:
Strict-Transport-Security (HSTS)
Content-Security-Policy (CSP)
X-XSS-Protection
Referrer-Policy
✅ Hardened Spring Security config using SecurityFilterChain (Java 17 / Spring Boot 3.2)
✅ Denied known bot routes (e.g., /wp-admin/**, /wp-login.php)
✅ Stateless session policy (ideal for RESTful design)
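A `SecurityFilterChain` covering the items listed above could look like the sketch below. This is an added example, not KeyJolt's own code: the package and class name, the CSP directives, the HSTS max-age, the header values and the `permitAll()` fallback are assumptions, since the release notes do not show them.

```java
package com.example.keyjolt.config; // hypothetical package name

import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.header.writers.ReferrerPolicyHeaderWriter.ReferrerPolicy;
import org.springframework.security.web.header.writers.XXssProtectionHeaderWriter.HeaderValue;

@Configuration
@EnableWebSecurity
public class SecurityConfig { // hypothetical class name

    @Bean
    SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
        http
            // No HttpSession is created or consulted, so no session cookie to protect.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(auth -> auth
                // Scanner noise is rejected with 403 before reaching any controller.
                .requestMatchers("/wp-admin/**", "/wp-login.php").denyAll()
                // Assumption: the project's real authorization rules are not in the notes.
                .anyRequest().permitAll())
            .headers(h -> h
                // Assumed values: one year, subdomains included.
                .httpStrictTransportSecurity(hsts -> hsts
                    .includeSubDomains(true)
                    .maxAgeInSeconds(31536000))
                // Assumed policy; tighten or extend per the assets the UI actually loads.
                .contentSecurityPolicy(csp -> csp
                    .policyDirectives("default-src 'self'; object-src 'none'; frame-ancestors 'none'"))
                // Sends "X-XSS-Protection: 0" (assumed value); CSP is the control that
                // matters in current browsers, the legacy XSS auditor is switched off.
                .xssProtection(x -> x.headerValue(HeaderValue.DISABLED))
                .referrerPolicy(r -> r.policy(ReferrerPolicy.STRICT_ORIGIN_WHEN_CROSS_ORIGIN)));
        return http.build();
    }
}
```

Spring Security writes the HSTS header only on requests it sees as secure, so behind a TLS-terminating reverse proxy set `server.forward-headers-strategy` and confirm the header with `curl -I` against the public URL.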
🧹 Code & Config Cleanup
✅ Removed unused debug/test files and stale imports
✅ Hardened .gitignore (ignores target, secrets, IDE files)
✅ Cleaned unused dependencies from pom.xml
✅ Removed all console.log() and debug code from frontend JS
✅ Created application-example.properties to document required config securely
🧪 Build & Deployment
✅ mvn clean verify passes cleanly (Java 17)
✅ Outputs a production-ready fat JAR:
target/keyjolt-1.0.0.jar
📎 Recommended for
Self-hosted Linux server deployments (e.g., PiApps on Raspberry Pi 5)
Environments requiring basic PGP key management tools with secure file delivery
Custom deployments with CORS-limited origins
🏷 Suggested Upgrade Path
This is a non-breaking upgrade from v1.0.0, safe to apply immediately.
To upgrade:
git pull origin main
mvn clean verify
java -jar target/keyjolt-1.0.0.jar
🧭 Next Milestones (Planned)
🔐 Persistent user management (replace in-memory admin)
🔄 API token generation and expiration support
🧪 Unit/integration test coverage for cryptographic operations
🌐 Optional Dockerization for container-based deployment
🙌 Thanks
Maintained by 0xWulf — for questions, issues, or contributions, open an Issue or PR on GitHub.