v1.5.4

Bug Fixes

• Fix rate limiting blocking status polling during jobs - The job creation rate limiter was incorrectly applied to all routes under /api/export and /api/sync, including GET requests for status polling. Since polling happens every second during a running job, users would hit the 10 requests/minute limit after just 10 seconds, causing "Too many job requests" errors.

Changes

• Apply jobCreationRateLimiter only to POST requests that actually create jobs
• Increase job creation limit from 10 to 30 per minute for additional headroom
• GET requests (status polling, downloads) now use general rate limiting only (500 req/15min)

Full Changelog: v1.5.3...v1.5.4

v1.5.3

Changes

• Fix rate limiting blocking job status polling during restore - Skip rate limiting for GET requests to /api/jobs/* endpoints to prevent "Too many requests" errors during long import/restore operations
• Fix connection pool key collisions - Use full URL and username for connection pool keys instead of truncated base64, preventing collisions for similar connections
• Add cancel button to import overlay - Users can now cancel in-progress imports from the overlay

Full Changelog

v1.5.2...v1.5.3

v1.5.1 - Security Hardening Release

Security Fixes

• Upgrade multer to 2.0.2 - Fixes 4 HIGH CVEs:
  • CVE-2022-24434
  • CVE-2024-52798
  • CVE-2024-52799
  • CVE-2024-52800
• Add non-root USER to Docker containers - Both backend and frontend now run as non-root users
• Add explicit GCM auth tag length validation - Hardens encryption.ts against potential truncation attacks
• Fix command injection in diskSpace.ts - Replace execSync with execFileSync and add path sanitization
• Add path traversal protection - New sanitizeFilename and safePathJoin utilities

New Features

• GitHub Actions security scanning workflow - Automated scanning on every push/PR with:
  • CodeQL (code analysis)
  • Semgrep (SAST)
  • Trivy (container scanning)
  • npm audit (dependency vulnerabilities)
  • Gitleaks (secret detection)
  • Hadolint (Dockerfile linting)
  • Checkov (IaC security)

Technical Details

• All 227 tests passing
• 0 vulnerabilities in npm audit
• 0 HIGH/CRITICAL findings in Trivy
• No secrets detected by Gitleaks

v1.3.1 - UI Improvements

What's New

Jobs Tab Improvements

• Logs button added to active jobs table (no longer need to click on the row)
• Auto-refresh logs - logs modal now auto-refreshes every 2 seconds for running/pending jobs
• Auto-refresh indicator - pulsing green dot shows when logs are auto-refreshing
• Button order fixed - History section now shows Download, Logos, then Logs (rightmost)

Visual Improvements

• Softer notice colors - Plugin mismatch and other notices now use a subtle sky blue instead of jarring yellow
• Colors work well in both light and dark modes

Documentation

• Added Changelog section to README
• Updated Known Issues section for logo support
• Added Logos to sync compatibility table

Full Changelog: v1.3.0...v1.3.1

v1.3.0 - URL-based Logo Support

What's New

Improved Logo Backup/Restore

• URL-based logos are now handled separately from local file logos
• URL logos (like https://logo.m3uassets.com/...) are saved as mappings in url_logos.json - no redundant downloads
• On restore, URL logos are created via API with just {name, url} instead of file upload
• Fixes the off-by-one logo bug by avoiding file uploads for remote URLs
• Significantly faster backups and restores when most logos are URL-based

Technical Details

• Local file logos (from /data/logos) are still downloaded and uploaded as before
• URL-based logos bypass the file upload entirely, using a simple POST request
• Logo mapping for channel assignment works for both types

Full Changelog: v1.2.0...v1.3.0

v1.2.0

What's New

Dark Mode

• Added theme support with Light, Dark, and Auto options
• Auto mode follows your system preference
• All components updated to use CSS variables for consistent theming
• Toggle available in Settings tab

Version Display & Update Notifications

• Current version now displayed in the header
• Automatic check for new releases via GitHub API
• Dismissible banner when updates are available with link to release notes
• GitHub API responses cached for 1 hour to avoid rate limits

Full Changelog

v1.1.0...v1.2.0

v1.1.0: Job Scheduler & Backup Retention

What's New

Job Scheduler

Automate your backups and syncs with the new scheduling feature! Create recurring jobs that run automatically at your preferred times.

• Flexible scheduling: Hourly, daily, weekly, monthly, or custom (select specific days)
• WYSIWYG time picker: Easy-to-use interface supporting both 12-hour and 24-hour formats
• Timezone support: Configure your preferred timezone in Settings
• Manual triggers: Run any scheduled job on-demand with the "Run Now" button
• Run history: View past executions and their status for each schedule
• Enable/Disable: Temporarily pause schedules without deleting them

Backup Retention Policy

Keep your backup storage under control with automatic cleanup:

• Set a retention count per backup schedule (e.g., "keep last 5 backups")
• Old backups are automatically deleted after each successful scheduled backup
• Leave empty to keep all backups indefinitely

UI Improvements

• Fixed table alignment for Actions columns on Jobs and Schedules tabs
• Changed schedule status labels to "Enabled/Disabled" for clarity
• Removed redundant "Last Run" column from Schedules (use History button instead)
• Widened "Next Run" column for better readability
• Updated Jobs empty state message
• Connection names are now cached in schedules (persist even if connection is deleted)

Bug Fixes

• Fixed false positive "already installed" detection for plugins during restore
• Added milliseconds to job IDs to prevent collisions when jobs run in quick succession

Upgrade Notes

This release is fully backward compatible. Simply pull the latest images:

```bash
docker compose pull
docker compose up -d
```

Your existing connections and job history will be preserved. The new Schedules tab will appear automatically.