From bbb23ca661932fe58458c0e9c8ec79b0ad95a8a7 Mon Sep 17 00:00:00 2001 From: Zimeng Xiong Date: Sat, 7 Feb 2026 08:58:51 -0800 Subject: [PATCH] chore: pre-release v0.4.0-dev --- RELEASE.md | 46 ++++++------------------------------------- VERSION | 2 +- backend/package.json | 2 +- frontend/package.json | 2 +- 4 files changed, 9 insertions(+), 43 deletions(-) diff --git a/RELEASE.md b/RELEASE.md index ebbe11d..a767019 100644 --- a/RELEASE.md +++ b/RELEASE.md @@ -1,43 +1,9 @@ -CSRF Protection (8a78b2b) +Multi user setup is opt-in, single user by default - - Implemented comprehensive CSRF (Cross-Site Request Forgery) protection for enhanced security - - Added new backend/src/security.ts module for security utilities - - Frontend API layer now handles CSRF tokens automatically - - Added integration tests for CSRF validation +Multi-user support for excalidash +- Admin dashboard +- Password reset, force user password reset (admin only), account lockout recovery +- Rate limits - Upload Progress Indicator (8f9b9b4) +Deprecates .json and .sqlite database backups in favor of .excalidash archives (user scoped, prevents exporting of senstive information). Legacy import is maintained. - - Added a visual upload progress bar when users upload files - - New UploadContext for managing upload state across components - - New UploadStatus component displaying real-time upload progress - - Save status indicator when navigating back from the editor - - Improved error handling and recovery for failed uploads - - Bug Fixes - - - Fixed broken e2e tests (cae8f3c) - - Replaced deprecated substr() with substring() - - Fixed stale state issues in error handling - - Fixed missing useEffect dependencies - - Fixed CSS class conflicts in progress bar styling - - Added error recovery for save state in Editor - - Infrastructure - - - Updated docker-compose configurations with new environment variables - - E2E test suite improvements and reliability fixes - - Added Kubernetes deployment note in README - -### Kubernetes - - A `CSRF_SECRET` environment variable is now required for CSRF protection. Generate a secure 32+ character random string: - - ```bash - openssl rand -base64 32 - - Add it to your deployment: - - Docker Compose: Add CSRF_SECRET= to the backend service environment - - Kubernetes: Add to your ConfigMap/Secret and reference in the backend deployment - - If not set, the backend will refuse to start. - ``` diff --git a/VERSION b/VERSION index d15723f..1d0ba9e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.2 +0.4.0 diff --git a/backend/package.json b/backend/package.json index ffd25fd..3dae9a0 100644 --- a/backend/package.json +++ b/backend/package.json @@ -1,6 +1,6 @@ { "name": "backend", - "version": "0.3.2", + "version": "0.4.0", "description": "", "main": "index.js", "scripts": { diff --git a/frontend/package.json b/frontend/package.json index 3ebd7a2..baf6aeb 100644 --- a/frontend/package.json +++ b/frontend/package.json @@ -1,7 +1,7 @@ { "name": "frontend", "private": true, - "version": "0.3.2", + "version": "0.4.0", "type": "module", "scripts": { "dev": "vite --port 6767",