Pulp Engine Document Rendering
Get started
Release v0.53.3

Release v0.53.3

Date: 2026-04-05

Remote resource egress control, storage instrumentation, and observability improvements.

Remote resource egress control

BLOCK_REMOTE_RESOURCES + ALLOWED_REMOTE_ORIGINS

Two new environment variables provide defence-in-depth control over outbound network fetches during PDF rendering:

  • BLOCK_REMOTE_RESOURCES=true blocks all http/https fetches during rendering unless the origin is in ALLOWED_REMOTE_ORIGINS. Only data: URIs are permitted unconditionally (assets are pre-inlined before dispatch).
  • ALLOWED_REMOTE_ORIGINS is a comma-separated list of normalised URL origins permitted when blocking is active (e.g. https://fonts.googleapis.com,https://fonts.gstatic.com).

Enforcement is layered:

  1. html-renderer — font @import URLs are filtered against the allowlist before HTML output, preventing dead @import rules.
  2. pdf-renderer — Puppeteer request interception blocks fetches whose origin is not in the allowlist (Layer 1.5, before SSRF checks).

Advisory warnings fire when ALLOWED_REMOTE_ORIGINS is set without BLOCK_REMOTE_RESOURCES, and when hardening is active without egress control configured.

Config validation tests

7 new tests for BLOCK_REMOTE_RESOURCES and ALLOWED_REMOTE_ORIGINS parsing, defaults, malformed origin rejection, and advisory warning behaviour.

html-renderer tests

6 new tests for remoteResourcePolicy font filtering: blockAll, allowedOrigins, mixed filtering, no-policy baseline.

Storage instrumentation

instrumented-store.ts

New decorator wrapping ITemplateStore and IAssetStore with Prometheus pulp_engine_storage_operation_duration_seconds histograms. Measures every store operation (list, get, create, update, delete, ping) with store and operation labels.

Asset-inline timing

New pulp_engine_asset_inline_duration_seconds histogram tracks time spent inlining assets into rendered HTML before PDF conversion.

Render queue depth

New pulp_engine_render_queue_depth gauge exposes the number of render jobs waiting for a page slot (in-process mode). getQueueDepth() exported from @pulp-engine/pdf-renderer.

Observability and API improvements

Structured log enrichment

Render failure log entries now include templateKey for production PDF, production HTML, and preview PDF routes.

OpenAPI surface

  • operationId and description added to POST /templates/:key/validate (validateTemplateData) and POST /render/validate (validateTemplateDefinition)
  • Validation endpoint comparison table added to docs/api-guide.md

HARDEN_PRODUCTION default

HARDEN_PRODUCTION now auto-derives from NODE_ENV=production (the Docker default). Set HARDEN_PRODUCTION=false to explicitly opt out. README updated to reflect new default-on semantics.

Editor

PropertiesPanel cleanup

Removed auto-tab-switch side effect that forced the properties tab on richText selection. The behaviour was disruptive when users were working in other tabs.

CI

Docker smoke test fix

CI Docker smoke test now sets HARDEN_PRODUCTION=false since the smoke environment does not configure all required security controls.

← Back to releases