yoinkkk/ExcaliDash
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore: pre-release v0.4.0-dev

Browse Source
This commit is contained in:
Zimeng Xiong
2026-02-07 08:58:51 -08:00
parent f214e4f7b7
commit bbb23ca661
4 changed files with 9 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files
RELEASE.md
+6 -40
View File
@@ -1,43 +1,9 @@
CSRF Protection (8a78b2b) Multi user setup is opt-in, single user by default
- Implemented comprehensive CSRF (Cross-Site Request Forgery) protection for enhanced security Multi-user support for excalidash
- Added new backend/src/security.ts module for security utilities - Admin dashboard
- Frontend API layer now handles CSRF tokens automatically - Password reset, force user password reset (admin only), account lockout recovery
- Added integration tests for CSRF validation - Rate limits
Upload Progress Indicator (8f9b9b4) Deprecates .json and .sqlite database backups in favor of .excalidash archives (user scoped, prevents exporting of senstive information). Legacy import is maintained.
- Added a visual upload progress bar when users upload files
- New UploadContext for managing upload state across components
- New UploadStatus component displaying real-time upload progress
- Save status indicator when navigating back from the editor
- Improved error handling and recovery for failed uploads
Bug Fixes
- Fixed broken e2e tests (cae8f3c)
- Replaced deprecated substr() with substring()
- Fixed stale state issues in error handling
- Fixed missing useEffect dependencies
- Fixed CSS class conflicts in progress bar styling
- Added error recovery for save state in Editor
Infrastructure
- Updated docker-compose configurations with new environment variables
- E2E test suite improvements and reliability fixes
- Added Kubernetes deployment note in README
### Kubernetes
A `CSRF_SECRET` environment variable is now required for CSRF protection. Generate a secure 32+ character random string:
```bash
openssl rand -base64 32
Add it to your deployment:
- Docker Compose: Add CSRF_SECRET=<your-secret> to the backend service environment
- Kubernetes: Add to your ConfigMap/Secret and reference in the backend deployment
If not set, the backend will refuse to start.
```
VERSION
+1 -1
View File
@@ -1 +1 @@
0.3.2 0.4.0
backend/package.json
+1 -1
View File
@@ -1,6 +1,6 @@
{ {
"name": "backend", "name": "backend",
"version": "0.3.2", "version": "0.4.0",
"description": "", "description": "",
"main": "index.js", "main": "index.js",
"scripts": { "scripts": {
frontend/package.json
+1 -1
View File
@@ -1,7 +1,7 @@
{ {
"name": "frontend", "name": "frontend",
"private": true, "private": true,
"version": "0.3.2", "version": "0.4.0",
"type": "module", "type": "module",
"scripts": { "scripts": {
"dev": "vite --port 6767", "dev": "vite --port 6767",