- 22 Sep, 2025 4 commits
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
- Add polling delay to ensure terminal output appears immediately
- Update dashboard to refresh client list dynamically without page reload
- Fix dashboard layout with proper container
- Update debug logging to exclude frequent polling requests
- Embed updated HTML templates
-
- 21 Sep, 2025 27 commits
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
- Remove template copying from wsssh-server package since templates are now embedded in wssshd2 binary
- Fix erroneous wssshd.py installation in wssshtools package
- Update both package changelogs to version 1.7.0-1
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
- wssshd2/assets.c: Modified to handle users page dynamically instead of static HTML
- wssshd2/configure.sh: Added SQLite3 library dependency checking and linking

These changes ensure proper SQLite integration in the build system and dynamic user management interface.
-
Stefy Lanza (nextime / spora ) authored
- README.md: Updated installation, architecture, and build instructions for C implementation
- CHANGELOG.md: Added v1.7.0 entry documenting major transition from Python to C
- DOCUMENTATION.md: Updated project structure, dependencies, and build instructions
- TODO.md: Added v1.7.0 completion status and updated roadmap

All documentation now reflects the new C-based architecture with SQLite database and embedded web interface.
-
Stefy Lanza (nextime / spora ) authored
- Removed templates/ directory (no longer needed with embedded HTML)
- Removed wssshd.py (Python server entry point)
- Removed wsssd/ directory (entire Python server implementation)
- Project now uses only wssshd2/ C implementation
- Cleaner codebase with single server implementation
- Reduced maintenance overhead and confusion
-
Stefy Lanza (nextime / spora ) authored
- Updated package version from 1.6.1-1 to 1.6.5-1 for consistency
- Added changelog entry documenting the transition to C binary
- Maintained version alignment with wssshtools package
- Preserved all existing package functionality and dependencies
-
Stefy Lanza (nextime / spora ) authored
- Change build dependencies from Python to C build tools (gcc, make, libssl-dev, libsqlite3-dev, uuid-dev)
- Update runtime dependencies to include libsqlite3-0 and libssl3
- Modify debian/rules to build wssshd2 C binary instead of PyInstaller
- Update man page with C version command line options
- Update package description to reflect C binary with embedded web interface
- Keep all existing init scripts, logrotate, and service files unchanged
- Maintain same user creation and path configurations
-
Stefy Lanza (nextime / spora ) authored
- Add SQLite support with proper database initialization
- Create users table with id, username, password_hash, is_admin columns
- Implement user management functions (add, update, delete, find)
- Add security warning for default admin credentials
- Add ASCII art banner on startup
- Fix login/logout redirects to home page
- Add --debug-database option for database operations logging
- Support root user directory selection (/etc/wssshd vs ~/.config/wssshd)
- Generate dynamic user management interface
- Maintain compatibility with existing web interface features
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
- Added --debug-web command line option for comprehensive web request debugging
- Fixed HTTP request parsing to properly separate headers from POST body
- Implemented Content-Length based body extraction for reliable form data parsing
- Added extensive debug output for troubleshooting web requests
- Updated configuration system to support debug_web flag

The login form now correctly parses username/password from POST requests.
-
Stefy Lanza (nextime / spora ) authored
- Added debug_web flag to wssshd_config_t structure
- Added --debug-web command line option parsing
- Added comprehensive debug output for web requests including:
  * Request method, path, query parameters, and content
  * Session validation and authentication status
  * Login attempts with username/password logging
  * HTTP response details (status, headers, content type, length)
- Updated help text and configuration display
- Fixed compiler warning in debug output
-
Stefy Lanza (nextime / spora ) authored
-
Stefy Lanza (nextime / spora ) authored
- Moved login page HTML to html_pages/login_page.h
- Moved users page HTML to html_pages/users_page.h
- Updated assets.c to use templates from header files
- Updated web.c to use login and users templates directly
- Updated configure.sh and regenerated Makefile with all new dependencies
-
Stefy Lanza (nextime / spora ) authored
- Created html_pages/ directory for HTML templates
- Moved index page HTML template to html_pages/index_page.h
- Moved terminal page HTML template to html_pages/terminal_page.h
- Updated web.c to use templates from header files instead of embedded strings
- Updated configure.sh to include new header file dependencies in generated Makefile
-
Stefy Lanza (nextime / spora ) authored
- Move web_start_server() before websocket_start_server() to ensure web server starts
- Implement full HTTP server with request parsing and response handling
- Fix HTTP redirect to properly send Location header instead of Set-Cookie
- Remove non-blocking socket setting that caused inconsistent responses
- Update shutdown sequence to stop web server before WebSocket server
-
Stefy Lanza (nextime / spora ) authored
- Fix wssshc tunnel uptime display by correcting start_time initialization
- Standardize tunnel uptime formatting in wssshd2 to match wssshc (days-hours:minutes:seconds)
- Fix wssshd2 last rate calculation to use data transferred since last status print instead of accumulated period
-
Stefy Lanza (nextime / spora ) authored
- Add missing start_time assignment in wsssht tunnel creation
- Update uptime display to show days-hours:minutes:seconds format
- Improve last rate calculation in wssshc status display to use actual time intervals
-
Stefy Lanza (nextime / spora ) authored
- Added format_bytes() function to display data sizes in B, kB, MB, or GB with 2 decimal places
- Updated status logging in both wssshc.c and wssshd2/websocket.c to use formatted data sizes for total data, sent/received bytes, and transfer rates
-
Stefy Lanza (nextime / spora ) authored
- Added log_message() function to prepend YYYY-MM-DD HH:MM:SS timestamps to log messages
- Updated all non-debug printf statements to use log_message() in wssshc.c and wssshd2/websocket.c
- Fixed variable redefinition issues in wssshc.c
- Adapted status logging to use correct tunnel_t fields for wssshd2
-
Stefy Lanza (nextime / spora ) authored
- Modified wssshc.c to print status every 15 seconds instead of 60
- Added status printing thread to wssshd2 that prints uptime and active tunnels every 15 seconds when not in debug mode
-
Stefy Lanza (nextime / spora ) authored
- Modified websocket_handle_message to properly forward tunnel_close messages to the correct endpoint regardless of sender (wssshc or wsssht)
- Fixed build warning by casting ws_state_t to int
- Added client registration/disconnection events in non-debug mode
-
Stefy Lanza (nextime / spora ) authored
Simplify ws_connection_is_healthy to avoid false positives from SSL_peek. The complex SSL_peek-based health check was incorrectly marking healthy connections as unhealthy, causing premature tunnel closures during wsscp file transfers. Now uses simple state checks and relies on send/receive operations to determine actual connection health.
-
Stefy Lanza (nextime / spora ) authored
- Add comprehensive thread-safety with mutex locks for all shared data structures
- Implement proper tunnel cleanup when websocket connections close to prevent use-after-free
- Add immediate connection state updates when receive operations fail to prevent race conditions
- Enhance error handling with graceful failure management for SSL operations
- Prevent server crashes during client disconnections and file transfer interruptions

Root cause: Use-after-free vulnerability when freed websocket connections were still referenced by active tunnels during client interruptions.

Solution: Complete overhaul of connection lifecycle management with proper synchronization and cleanup procedures.

Fixes issue where pressing Ctrl+C during wsscp file transfers caused wssshd2 to segfault.
-
- 20 Sep, 2025 9 commits
-
Stefy Lanza (nextime / spora ) authored
- Add comprehensive error handling for pong frame transmission
- Improve SSL error diagnostics in ws_send_frame function
- Add connection state validation before sending frames
- Prevent sending frames on broken or NULL connections
- Better handling of SSL write failures with detailed error reporting
- Graceful degradation when pong frames fail to send
- Enhanced debugging for connection stability issues

The server now handles network interruptions and SSL timeouts more gracefully, preventing premature connection closures during large file transfers.
-
Stefy Lanza (nextime / spora ) authored
- Set payload limits to 50MB for both client and server
- Maintains protection against memory exhaustion attacks
- Large files still work through SCP chunking mechanism
- 50MB limit provides good balance of security and functionality

Individual WebSocket frames limited to 50MB:
- Protects against DoS attacks with oversized frames
- Large files transferred as multiple smaller chunks
- Total file size remains unlimited
-
Stefy Lanza (nextime / spora ) authored
- Documented comprehensive bounds checking in wssshd2/websocket.c
- Added details about JSON structure validation
- Listed parameter length limits for security
- Explained DoS attack prevention measures
- Described heap corruption prevention through validated operations
-
Stefy Lanza (nextime / spora ) authored
- Added comprehensive bounds checking to all WebSocket message parsing
- Validate JSON structure (braces) before processing to prevent crashes
- Added length limits and bounds validation for all parameter extractions:
  * client_id: max 64 chars
  * password: max 256 chars
  * request_id: max 64 chars
  * enc/service/version: max 32 chars each
- Prevent buffer overflows that could corrupt heap metadata
- Ensure all string operations stay within allocated buffer bounds
- Server now logs errors and continues running instead of crashing on malformed packets
- Critical defense against DoS attacks via malformed WebSocket messages
-
Stefy Lanza (nextime / spora ) authored
- Documented critical security fix for heap corruption prevention
- Added details about comprehensive bounds validation in wsssht.c
- Explained protection against malformed JSON message attacks
- Described enhanced error handling and debug logging improvements
-
Stefy Lanza (nextime / spora ) authored
- Prevent heap corruption from malformed JSON messages
- Add bounds validation for all string operations in message parsing
- Ensure all pointers stay within payload buffer limits
- Validate data field lengths to prevent excessive memory allocation
- Protect against buffer overflows in tunnel_data, tunnel_close, tunnel_keepalive, tunnel_ack, and tunnel_ko message parsing
- Add debug logging for malformed messages to aid troubleshooting
-
Stefy Lanza (nextime / spora ) authored
- Documented wssshd memory corruption fix with bounds checking and validation
- Added details about WebSocket frame size reduction for large file transfers
- Explained technical fixes for heap corruption and network reliability issues
-
Stefy Lanza (nextime / spora ) authored
- Large WebSocket frames (131KB+) were causing SSL write failures during large file transfers
- Reduced MAX_CHUNK_SIZE from 65536 to 4096 bytes to create smaller, more manageable frames
- Smaller chunks improve network reliability and reduce timeout issues
- Hex-encoded 4KB binary data becomes 8KB frames, which is much more network-friendly
-
Stefy Lanza (nextime / spora ) authored
- Added bounds checking and validation for enc, service, and version parameter extraction
- Prevent buffer overflows by limiting parameter lengths to reasonable sizes (< 32 chars)
- Added null pointer and bounds validation before string operations
- Increased request_msg buffer size from 512 to 1024 bytes for safety
- Fixed potential heap corruption that was causing 'malloc(): invalid next size' errors
-