v1.0.11

Release Notes

• Logging stability: Fixed duplicate logging initialization to prevent double startup logs.
• Scheduler reliability: Improved state handling and restored last check-in timestamps when items are re-enabled.
• Backup management: Added automatic pruning of old backups and a manual pruning task in Admin Tools.
• UI improvements: Disabled items now show a red badge; editing of enabled items from the Schedule tab is prevented.
• Build updates: Upgraded Go to 1.24.4 and updated healthcheck and dependencies.
• Debug fix: Resolved issue with raw HTML debug output rendering.

🔧 Commits

• e7ca655: Fix logging duplicate initialization and update hashes
• bd9cacc: Updated Edit on Schedule tab behavior
• 52a8f86: Restore last check-in timestamp when item is enabled
• 62e9b83: Set Disabled badges color to red
• ab0fc0e: add manual backup pruning task
• 5ec77fb: add automatic pruning of old backups
• 7344afd: Upgrade Go to 1.24.4 and update healthcheck/requirements
• c4f2efa: fix raw HTML debug rendering

v1.0.10

Release Notes

• Security hardening: Eliminated use of innerHTML in Stimulus controllers to prevent potential DOM-based XSS, resolving a CodeQL alert.
• Build optimization: Reduced container build time by prebuilding only 6 essential Python wheels, minimizing runtime installs.

🔧 Commits

• 422af1d (HEAD -> main) fix(js): eliminate innerHTML injection to prevent DOM-based XSS (CodeQL warning)
• de2ec60: Fixed prebuilt wheels; only 6 packages now built during image creation

v1.0.9

Release Notes

This release improves security and performance by redacting sensitive SMTP values from the admin UI and optimizing the Docker image using .pyc-only mode with prebuilt Python wheels. It also fixes login redirect behavior for unauthenticated check-in links and improves client-side error logging and UI responsiveness.

🔧 Commits

• 8ab674e: Optimize: switch to .pyc-only runtime and slim down Dockerfile
• 6ace260: Feat(build): Add prebuilt wheels workflow for faster container builds
• ea73912: Redacted sensitive data from STMP settings tab.
• 49d242e: Fix login redirect for unauthenticated check-in links by preserving safe relative next paths to comply with CSP, and update login flow to restore post-login redirects.
• f002b32: Updated profile downdown controller to auto close menu when link is clicked
• c09b158: Improve client logging and fix /server-time error on unauthenticated pages

v1.0.8

Release Notes

• Added login screen animation for a more polished user experience.
• UI customization settings (theme, font, spacing, etc.) are now persisted via localStorage using global Stimulus controllers.
• Fixed a regression where the version status label appeared incorrectly when the sidebar was collapsed on initial load.
• Adjusted collapsed sidebar width for better alignment and usability.
• Downgraded insecure crypto log message from warning to info level to reduce log noise.

🔧 Commits

• 35e0d9f: Fix sidebar label visibility for version check on initial load
• fb0a44d: Added login screen animation, persist UI customizations via localStorage with global Stimulus controllers, fix missing target errors, adjust collapsed sidebar width, and downgrade insecure crypto log to info.

v1.0.7

Release Notes

• Full client fingerprinting for better issue correlation
• Comprehensive client-side logging: JavaScript errors, HTMX/Stimulus activity, performance timing, and console output
• Support for capturing failed resource loads (e.g., CSS, JS) while suppressing expected noise
• Improved healthcheck behavior with respect to BASE_URL and redirect handling

🔧 Commits

• eb0ee3b: Enhance debug export with dropdown navigation, page preload, dynamic filename, and full Stimulus/HTMX state capture.
• 4984195: Add anonymous client fingerprint to browser logging for improved debugging and issue correlation.
• a20e3f2: Add full client-side error and performance logging: Stimulus, HTMX, JS, console, and load metrics
• dab0996: enhance JS error logging to include resource load failures and suppress expected noise from allowed routes
• bf26fc2: make healthcheck respect BASE_URL and fail on redirects

v1.0.6

Release Notes

• Tested and bixed base_url with somethgin other than grylli to find remaining hard coded paths. Fixed stimulus controller over HTTPS on iOS.

🔧 Commits

• 9414c6b: Fixed fonts to be properly served honoring base_url
• 081c653: Fixed base url for logging in stimulus controller
• 508de45: Remove hardcoded /grylli/ paths and replace with dynamic BASE_URL and FQDN references.
• c22def4: Fix Stimulus not loading in iOS over HTTPS
• 481411c: Fix path traversal vulnerability in font serving route
• 76a196b: v1.0.5 release notes

v1.0.5

Release Notes

• This release adds tamper protection for user accounts by verifying the email integrity hash during login and denying access if the data has been altered. It also introduces encryption for sensitive user-defined fields (e.g., Message subjects, Reminder text, Email recipients) using property-based access for seamless security. Admins can no longer change user emails directly, further hardening account integrity.

🔧 Commits

• d4fd685: Added email integrity hash for tamper detection and validation during login
• db18f4b: Removed ability for admins to change user email address
• 4d474c0: Changed Reminder is_enabled default from True to False in the model
• b3cfaf7: Changed new Reminder is_enabled from True to False
• a7947fe: Encrypted sensitive user fields for Messages, Emails, and Reminders using property-based access
• 7a1a35a: Fix service worker to support dynamic base path and external background pattern loading

v1.0.4

📝 Release Notes

• Refined UI by adding a Home icon to the sidebar and updating translations for improved clarity and localization.

🔧 Commits

• 113f4fa: Updated translations and added icon to Home in sidebar

v1.0.3

Release Notes

• Created Customization page in profile dropdown menu. Moved existing controls to it and added a few more for accessibility.

🔧 Commits

• e93c5cc: Update profile dropdown to set page titles via profile-title controller
• 2b2c867: Moved UI customization to dedicated page; added global controls for font size, contrast, tracking, line height, and roundedness
• 5037be9: Added font size selector
• c6cec91: Removed temp font.css used for debugging from project root
• 2667eef: Shortened version text in sidebar footer to accomodate larger fonts

v1.0.2

Release Notes

• Added ability for end user to set a background image bases on patterns and change the font.
• Implemented further file integrity checks to entrypoint.

🔧 Commits

• b13cf53: 📝 Add release notes for v1.0.1
• 316f7fb: Added font selector integrated with Tailwind, config.py, and dynamic font CSS with supporting routes and controller
• 3af7b96: Added floating-cogs and wavey-fingerprint backgrounds
• 2868865: Add background pattern selector and Stimulus controller
• e77d4f0: Added bg image and applied solid backgrounds and consistent card styling across all tables
• b4d2dda: Fixed early version check in entrypoint
• c518c64: Updated entrypoint.go
• 045bd01: Added file integrity to entrypoint.go
• c79d0cf: Updated docker compose example to read-only fs
• 886527c: Add release notes for v1.0.1
• a59c1e7: v1.0.1
• 17643ea: Release v1.0.1