chore: pre-release v0.4.0-dev
This commit is contained in:
Zimeng Xiong
+6
-40
@@ -1,43 +1,9 @@
|
||||
CSRF Protection (8a78b2b)
|
||||
Multi user setup is opt-in, single user by default
|
||||
|
||||
- Implemented comprehensive CSRF (Cross-Site Request Forgery) protection for enhanced security
|
||||
- Added new backend/src/security.ts module for security utilities
|
||||
- Frontend API layer now handles CSRF tokens automatically
|
||||
- Added integration tests for CSRF validation
|
||||
Multi-user support for excalidash
|
||||
- Admin dashboard
|
||||
- Password reset, force user password reset (admin only), account lockout recovery
|
||||
- Rate limits
|
||||
|
||||
Upload Progress Indicator (8f9b9b4)
|
||||
Deprecates .json and .sqlite database backups in favor of .excalidash archives (user scoped, prevents exporting of senstive information). Legacy import is maintained.
|
||||
|
||||
- Added a visual upload progress bar when users upload files
|
||||
- New UploadContext for managing upload state across components
|
||||
- New UploadStatus component displaying real-time upload progress
|
||||
- Save status indicator when navigating back from the editor
|
||||
- Improved error handling and recovery for failed uploads
|
||||
|
||||
Bug Fixes
|
||||
|
||||
- Fixed broken e2e tests (cae8f3c)
|
||||
- Replaced deprecated substr() with substring()
|
||||
- Fixed stale state issues in error handling
|
||||
- Fixed missing useEffect dependencies
|
||||
- Fixed CSS class conflicts in progress bar styling
|
||||
- Added error recovery for save state in Editor
|
||||
|
||||
Infrastructure
|
||||
|
||||
- Updated docker-compose configurations with new environment variables
|
||||
- E2E test suite improvements and reliability fixes
|
||||
- Added Kubernetes deployment note in README
|
||||
|
||||
### Kubernetes
|
||||
|
||||
A `CSRF_SECRET` environment variable is now required for CSRF protection. Generate a secure 32+ character random string:
|
||||
|
||||
```bash
|
||||
openssl rand -base64 32
|
||||
|
||||
Add it to your deployment:
|
||||
- Docker Compose: Add CSRF_SECRET=<your-secret> to the backend service environment
|
||||
- Kubernetes: Add to your ConfigMap/Secret and reference in the backend deployment
|
||||
|
||||
If not set, the backend will refuse to start.
|
||||
```
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
{
|
||||
"name": "backend",
|
||||
"version": "0.3.2",
|
||||
"version": "0.4.0",
|
||||
"description": "",
|
||||
"main": "index.js",
|
||||
"scripts": {
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
{
|
||||
"name": "frontend",
|
||||
"private": true,
|
||||
"version": "0.3.2",
|
||||
"version": "0.4.0",
|
||||
"type": "module",
|
||||
"scripts": {
|
||||
"dev": "vite --port 6767",
|
||||
|
||||
Reference in New Issue
Block a user