Releases: HemmeligOrg/Hemmelig.app
User Management
This PR will:
- Create a root user that has to be set from the env vars
- Create admin settings
- Create user roles
- Create a prehandler to verify settings, e.g. the read-only setting
- Create a prehandler for disabled users
It will remove the env var named "SECRET_DISABLE_USER" as this is now available in the admin settings page
What's Changed
Full Changelog: v5.0.0...v5.1.0
OMG SQLite
This is a breaking BREAKING release. Important to read this:
Hemmelig has changed from using Redis to SQLite as a backend. This will make it easier to build a more feature-rich application going forward.
However, this means you have to get rid of your Redis instance and set the volume for your SQLite database file when you start the docker container. This is added to the docker-compose file. Example of a bare minimum docker run:
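```bash
# First -v: the file uploads. Second -v: the sqlite database.
# (A comment after a trailing backslash breaks the line continuation, so the comments live up here.)
docker run -p 3000:3000 -d --name=hemmelig \
-v ./data/hemmelig/:/var/tmp/hemmelig/upload/files \
-v ./database/:/home/node/hemmelig/database/ \
hemmeligapp/hemmelig:v5.0.0
```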
If you wish to migrate from Redis to SQLite, feel free to do so. We have not created a migrator for this. One drawback here is that you have to reset all passwords for the users as we have removed validator.escape(), which means the passwords will change a bit before being hashed.
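The effect of dropping validator.escape() on stored hashes, as an added example that is not Hemmelig's code: `legacyEscape` is a local approximation of validator.escape(), scrypt stands in for the project's password hash, and all function names are hypothetical. It also shows a login-time fallback that accepts the old escaped form once and returns a fresh hash of the raw password.

```javascript
const { scryptSync, randomBytes, timingSafeEqual } = require('node:crypto');

// Local approximation of validator.escape(): entity-encodes & < > " ' / \ `
const ENTITIES = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;',
    "'": '&#x27;', '/': '&#x2F;', '\\': '&#x5C;', '`': '&#96;',
};
function legacyEscape(input) {
    return input.replace(/[&<>"'\/\\`]/g, (ch) => ENTITIES[ch]);
}

// Stand-in password hash (assumption): scrypt, stored as "saltHex:hashHex".
function hashPassword(password) {
    const salt = randomBytes(16);
    const hash = scryptSync(password, salt, 32);
    return `${salt.toString('hex')}:${hash.toString('hex')}`;
}

function verifyPassword(password, stored) {
    const [saltHex, hashHex] = stored.split(':');
    const expected = Buffer.from(hashHex, 'hex');
    const actual = scryptSync(password, Buffer.from(saltHex, 'hex'), expected.length);
    return timingSafeEqual(actual, expected);
}

// Try the raw password first (new behaviour). If that fails, try the escaped
// form the old code hashed; on a legacy match, return a fresh hash of the raw
// password so the caller can overwrite the stored value.
function verifyWithLegacyFallback(password, stored) {
    if (verifyPassword(password, stored)) return { ok: true, rehash: null };
    const escaped = legacyEscape(password);
    if (escaped !== password && verifyPassword(escaped, stored)) {
        return { ok: true, rehash: hashPassword(password) };
    }
    return { ok: false, rehash: null };
}

// Constructed sample: a hash written by the old path (escape, then hash).
const oldStored = hashPassword(legacyEscape('p<ss&word/1'));
console.log(verifyPassword('p<ss&word/1', oldStored));              // raw input no longer matches
console.log(verifyWithLegacyFallback('p<ss&word/1', oldStored).ok); // fallback still accepts it
```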
Important changes
- refactor: change from cra to vite by @bjarneo in #169
- feat: add sqlite as a database using prisma orm by @bjarneo in #170
Full Changelog: v4.4.0...v5.0.0
Cookie Hash
What's Changed
- feat(cookie): change the flow to use cookies for sign in / out / up by @bjarneo in #164
- fix: allow redis.user to be optional for AUTH by @hello-woof in #165
- feat: change the application to use url hash for the encryption key by @bjarneo in #167
New Contributors
- @hello-woof made their first contribution in #165
Full Changelog: v4.3.0...v4.4.0
v4.3.0
IMPORTANT NOTE:
Since the CSP header has been added, it is really important to use the SECRET_HOST for your application. If not, the application might fail.
What's Changed
- feat: support fig complete by @Rhythmicc in #153
- chore(deps): bump http-cache-semantics from 4.1.0 to 4.1.1 by @dependabot in #156
- chore(deps): bump json5 from 1.0.1 to 1.0.2 by @dependabot in #152
- chore(deps): bump @fastify/multipart from 7.1.1 to 7.4.1 by @dependabot in #157
- Updating build actions to include ARM architecture by @mxmeeple in #159
- fix the local dev proxy host
- security: add CSP header
- feat: add yaml support to the cli
- removed the bleeding edge docker image build
New Contributors
- @Rhythmicc made their first contribution in #153
- @mxmeeple made their first contribution in #159
Full Changelog: v4.2.0...v4.3.0
v4.2.0
What's Changed
- Spanish translation by @luismanson in #90
- Added automatic language detection + German translation by @RainerZufahl in #88
- UI fixes by @RainerZufahl in #100
- Updated strings to match with current version by @RainerZufahl in #101
- fix for issue #4 feat: add PWA support, service-worker, masked icon by @theonly1me in #109
- docs: #110 Add contributors badge to the README by @bjarneo in #111
- fix: change the views text, and views left feature by @bjarneo in #112
- fix: make the prevent burn logic work by @bjarneo in #113
- security: make the user verify their password before being able to change it by @bjarneo in #115
- Leverage the useForm everywhere-Signin,Signup,Secret-creation [fixes #118] by @najeebkp in #119
- ⚡ added confirm password field by @PranjalAgni in #120
- Use correct env variable in README.md by @casperklein in #121
- Add docker-compose.yml by @casperklein in #123
- Fix for issue #107: Leverage the redux state for sign in / out by @theonly1me in #124
- Fix for issue #125 Multiple users are able to sign up with the same email by @theonly1me in #126
- Feature: Link to QR code Functionality Added. by @SankalpaFernando in #128
- feat: added issue template by @bhattabhi013 in #135
- feat: add cli support by @bjarneo in #136
- Cleanup: delete and ignore temporary OS files (.DS_Store) by @jodaAtGithub in #139
- chore(deps): bump decode-uri-component from 0.2.0 to 0.2.2 by @dependabot in #145
- chore(deps): bump jsonwebtoken and fastify-jwt by @dependabot in #149
- chore(deps): bump fastify from 4.9.1 to 4.10.2 by @dependabot in #143
New Contributors
- @luismanson made their first contribution in #90
- @RainerZufahl made their first contribution in #88
- @theonly1me made their first contribution in #109
- @najeebkp made their first contribution in #119
- @PranjalAgni made their first contribution in #120
- @casperklein made their first contribution in #121
- @SankalpaFernando made their first contribution in #128
- @bhattabhi013 made their first contribution in #135
- @jodaAtGithub made their first contribution in #139
Full Changelog: v4.1.0...v4.2.0
Zip It
Features
- When files are uploaded, they will be zipped in the browser, encrypted, and posted to the server. This means the download will be a zip file instead of x files.
- Make it possible to deactivate user registration for your self hosted instance
27fc1d1 - docs: update documentation
976807b - chore: change the loading overlay a bit
85b44f9 - chore: remove wrongly added dependencies
6819962 - feat: zip the files, encrypt the zip file, upload
c91e199 - chore: add code owners file
b061286 - fix: remove the complaint about not adding the form element
7ab2ca1 - feat: make it possible to disable user registration
Client Encryption
v4.0.0
This is a breaking release, which means that when you use this version, you can't access the old secrets if you still have any in your redis instance. You can't decrypt the files. This release will encrypt the information in the browser, and post the encrypted content to the backend.
f83be9f - chore: update error message
8fc86be - chore: remove unused encryption key
73b18af - chore: adjust the secret id key generation
d1d8070 - Revert "chore: remove keygen code which is not in use anymore"
491befd - chore: remove keygen code which is not in use anymore
82db779 - docs: remove master key from the example
e9cf3cf - docs: update
361b970 - chore: fix code smells
ff71855 - fix: secret id variable
e51c624 - chore: encrypt the title
9a1a84c - feat: add file encryption on the client side
92ae5ce - feat: add client encryption and decryption of the text input
bb0202a - docs: update the encryption and gotchas
74c4ee3 - fix: validate if the secret id does exist
6f2e0b3 - chore: remove comment which is not valid
54bc55c - fix: check if the incoming secret id from the download files is valid
e50d0e8 - chore: add i18n packages
Optional fields
50bdfac - fix: check certain fields so it is possible to use curl without defining every form element
Full Changelog: v3.8.0...v3.9.0
Multi Upload
6669340 - chore: remove compress and let the reverse proxy handle it
69440ef - chore: set max file informational error message
80a11d4 - feat: allow multiple uploads
015ccb8 - feat: allow all kinds of files
5a767f0 - feat: CIDR is now allowed to use in the ip field (
8ed01cb - chore: remove unused dependency
8d79ddd - chore: allow .txt .svg .md and so on
Modern Server
6558a15 - docs: add more features
a6cb9aa - chore: change the stats route
ba3055f - feat: add a stats endpoint
ae77ab1 - fix: a bug where files are deleted before they are downloaded
1553383 - feat: set a loader to the secret creation button
45d4fdd - chore: shorten the text
133755d - feat: add max views per secret
ffd1aa9 - fix: disable crossOriginEmbedderPolicy to allow fetching fonts
905c590 - fix: the es6 path __dirname bug
a5ec0dd - chore: update fastify to newest version
9865618 - chore: refactor the application to use es6 import and exports
f2510be - chore: do not run certain workflows if readme files and the .github folder updates
7952b56 - fix: lowercase the docker image tag
3a3a6cb - security: scan the docker image
b18139a - chore: rename the build name
395abc7 - security: add github repository scan with trivy