Releases: aha-oida/aha-secret
v2.0.2
What's Changed
- Remove erubis gem and dead escape_html config by @armins in #442
- Bump rack from 3.2.5 to 3.2.6 by @dependabot[bot] in #443
Full Changelog: v2.0.1...v2.0.2
v2.0.1
What's Changed
- German translation updates by @armins in #433
- Bump activerecord from 8.1.2 to 8.1.2.1 by @dependabot[bot] in #439
- Bump rubocop from 1.85.1 to 1.86.0 by @dependabot[bot] in #438
- Bump activerecord from 8.1.2.1 to 8.1.3 by @dependabot[bot] in #441
Full Changelog: v2.0.0...v2.0.1
VR Edition
aha-secret 2.0.0 "VR"
aha-secret 2.0.0 is a visual refresh release with UI updates, browser-compatibility fixes, security hardening, configuration cleanup, and improved documentation.
Upgrading
If you use custom CSS overrides, review them before upgrading because the visual refresh changed parts of the markup and styling.
This release also deprecates the legacy configuration names.
Legacy configuration changes
Legacy non-prefixed environment variables are no longer supported and are ignored with a deprecation warning. Please migrate to the AHA_SECRET_* variants:
- MEMCACHE → AHA_SECRET_MEMCACHE_URL
- SESSION_SECRET → AHA_SECRET_SESSION_SECRET
- APP_LOCALE → AHA_SECRET_APP_LOCALE
- PERMITTED_ORIGINS → AHA_SECRET_PERMITTED_ORIGINS
If you use config/config.yml, the legacy url key is also deprecated and ignored. Use base_url instead.
Upgrade checklist
Before upgrading, review your:
- .env files
- Docker Compose files
- container environment settings
- deployment secrets
- config/config.yml
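A pre-upgrade check for the checklist above, as an added example that is not part of the aha-secret project: it scans the files you pass it for the four legacy variable names and, in config.yml, for the legacy url key. The function name scan_legacy and the assumption that settings appear as `NAME=` or `NAME:` keys are illustrative.

```sh
#!/bin/sh
# Added example (not aha-secret code): find legacy settings that 2.0.0 ignores.
# The old -> new mapping is the one listed in the release notes.
LEGACY_MAP='MEMCACHE=AHA_SECRET_MEMCACHE_URL
SESSION_SECRET=AHA_SECRET_SESSION_SECRET
APP_LOCALE=AHA_SECRET_APP_LOCALE
PERMITTED_ORIGINS=AHA_SECRET_PERMITTED_ORIGINS'

# scan_legacy FILE...
# Prints "file:line: OLD -> NEW" per finding; returns 1 if anything was found.
# Only file, line number and names are printed, never the value, so a
# SESSION_SECRET does not end up in terminal scrollback or CI logs.
scan_legacy() {
  found=0
  for file in "$@"; do
    [ -r "$file" ] || continue
    for pair in $LEGACY_MAP; do
      old=${pair%%=*}
      new=${pair#*=}
      # Match the bare name used as a key (.env "NAME=", compose "- NAME="
      # or "NAME:"), not the tail of an AHA_SECRET_* name; skip comment lines.
      hits=$(grep -nE "(^|[^A-Za-z0-9_])${old}[[:space:]]*[=:]" "$file" |
             grep -vE '^[0-9]+:[[:space:]]*#' | cut -d: -f1)
      for n in $hits; do
        echo "$file:$n: $old -> $new"
        found=1
      done
    done
    case "$file" in
      *config.yml)
        # Legacy "url" key; "base_url" does not match this pattern.
        hits=$(grep -nE '^[[:space:]]*url[[:space:]]*:' "$file" | cut -d: -f1)
        for n in $hits; do
          echo "$file:$n: url -> base_url"
          found=1
        done ;;
    esac
  done
  return $found
}

# Stand-alone use: sh scan.sh .env docker-compose.yml config/config.yml
if [ "$#" -gt 0 ]; then scan_legacy "$@"; fi
```

The non-zero return on findings lets the check gate a deployment pipeline step before the upgrade is rolled out.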
Highlights
- New visual design ("VR" = Visual Refresh)
- Improved browser compatibility and less flaky tests
- Fix for cleartext secret exposure during browser navigation flows
- Screenshot artifacts for failing feature tests and manual screenshot runs
- Updated configuration docs and threat model
What's Changed
- Bump nokogiri from 1.19.0 to 1.19.1 by @dependabot[bot] in #403
- Bump nokogiri from 1.19.0 to 1.19.1 in /docs by @dependabot[bot] in #402
- Fix config.ru by unifying memcache check by @armins in #398
- Fix/memcache env deprecation by @armins in #404
- Refactor loader methods, add frozen string by @armins in #405
- Bump dalli from 5.0.0 to 5.0.1 by @dependabot[bot] in #407
- Bump undercover from 0.8.3 to 0.8.4 by @dependabot[bot] in #406
- New gui by @git-lreuter in #408
- Fix/adapt to guiv2 by @armins in #414
- Bump sqlite3 from 2.9.0 to 2.9.1 by @dependabot[bot] in #409
- Bump dalli from 5.0.1 to 5.0.2 by @dependabot[bot] in #410
- Bump brakeman from 8.0.2 to 8.0.4 by @dependabot[bot] in #411
- Bump sinatra-contrib from 9e5c4ec to f891dd2 by @dependabot[bot] in #412
- Create screenshots on test failures & manual by @armins in #418
- Add files via upload by @whotwagner in #419
- Bump rubocop from 1.84.2 to 1.85.0 by @dependabot[bot] in #413
- Add cards explaining aha-secret by @armins in #421
- Bump sqlite3 from 2.9.1 to 2.9.2 by @dependabot[bot] in #424
- Bump faker from 3.6.0 to 3.6.1 by @dependabot[bot] in #420
- Deprecation of config / environment vars without AHA_SECRET prefix by @armins in #423
- Bump json from 2.19.1 to 2.19.2 by @dependabot[bot] in #428
- Bump json from 2.18.0 to 2.19.2 in /docs by @dependabot[bot] in #427
- Update docs mandatory by @armins in #429
- Bump ruby3 to 3.4.9 by @armins in #426
- Bump ruby4 to 4.0.2 by @armins in #425
- Fix showing cleartext secret after creation by @armins in #430
- Refactor for browser compatibility & non-flaky tests by @armins in #431
- Updated threat model: added reload info disclosure by @whotwagner in #432
New Contributors
- @git-lreuter made their first contribution in #408
Full Changelog: v1.2.3...v2.0.0
v1.2.3
What's Changed
- Bump sinatra-contrib from 4062e36 to 074d876 by @dependabot[bot] in #372
- Minor layout fixes by @armins in #375
- Add missing de random_length translation by @armins in #373
- Bump sqlite3 from 2.8.1 to 2.9.0 by @dependabot[bot] in #371
- Bump sinatra-contrib from 074d876 to 9e5c4ec by @dependabot[bot] in #378
- Bump dalli from 3.2.8 to 4.0.0 by @dependabot[bot] in #377
- Bump activerecord from 8.1.1 to 8.1.2 by @dependabot[bot] in #376
- Add versioning infrastructure and display controls by @armins in #374
- Focus improvements on page loads by @armins in #379
- Upgrade Ruby version to 4.0.1 and update related configurations by @armins in #381
- Replace backticks with exec to enable stdout logging by @armins in #383
- Bind docker port to localhost in docker-compose file by @armins in #384
- refactor javascript, update test name by @armins in #380
- Enhancement dalli json serializer by @whotwagner in #388
- created initial contributing-file by @whotwagner in #389
- Added issue-templates and pull-request templates by @whotwagner in #393
- Bump brakeman from 7.1.2 to 8.0.1 by @dependabot[bot] in #397
- Bump dalli from 4.0.0 to 4.2.0 by @dependabot[bot] in #396
- Bump rubocop from 1.82.1 to 1.84.1 by @dependabot[bot] in #395
- Bump puma from 7.1.0 to 7.2.0 by @dependabot[bot] in #392
- Bump faker from 3.5.3 to 3.6.0 by @dependabot[bot] in #390
Security
- Bump rack from 3.2.4 to 3.2.5 by @dependabot[bot] in #400
Full Changelog: v1.2.2...v1.2.3
v1.2.2
Happy New Year 2026
We wish you a wonderful year 2026 🎆🎇
What's Changed
- docs: fix incorrect stylesheet paths by @srntm in #353
- Fix comparison of string and integer by @armins in #356
- Bump faker from 3.5.2 to 3.5.3 by @dependabot[bot] in #359
- Bump sqlite3 from 2.8.0 to 2.8.1 by @dependabot[bot] in #358
- Bump rackup from 2.2.1 to 2.3.1 by @dependabot[bot] in #360
- Bump i18n-tasks from 1.0.15 to 1.1.2 by @dependabot[bot] in #357
- Bump rubocop from 1.81.7 to 1.82.1 by @dependabot[bot] in #365
- Bump brakeman from 7.1.1 to 7.1.2 by @dependabot[bot] in #364
- Bump debug from 1.11.0 to 1.11.1 by @dependabot[bot] in #363
- Bump i18n from 1.14.7 to 1.14.8 by @dependabot[bot] in #361
- Bump undercover from 0.8.1 to 0.8.3 by @dependabot[bot] in #348
- Enable stylesheet in config for custom and test by @whotwagner in #366
New Contributors
Full Changelog: v1.2.1...v1.2.2
v1.2.1
Hotfix: custom-css doesn't load.
Full Changelog: v1.2.0...v1.2.1
v1.2.0
What's Changed
- Fix config var issues, extend documentation & tests by @armins in #338
- Feature random by @whotwagner in #345
Full Changelog: v1.1.6...v1.2.0
v1.1.6
What's Changed
- Bump sinatra-contrib from 599a007 to 4062e36 by @dependabot[bot] in #328
- Add tests for security features of possible payload injections by @armins in #320
- Bump rack-attack from 6.7.0 to 6.8.0 by @dependabot[bot] in #331
- Bump puma from 7.0.4 to 7.1.0 by @dependabot[bot] in #332
- test: Ensure legacy env var tests clear new secret env vars first by @armins in #334
- Update Ruby version and Gemfile.lock dependencies by @armins in #330
- Bump rspec from 3.13.1 to 3.13.2 by @dependabot[bot] in #337
- Bump rubocop from 1.81.1 to 1.81.6 by @dependabot[bot] in #336
- Bump activerecord from 8.0.3 to 8.1.0 by @dependabot[bot] in #335
- Bump rake from 13.3.0 to 13.3.1 by @dependabot[bot] in #342
- Bump brakeman from 7.1.0 to 7.1.1 by @dependabot[bot] in #344
- Bump sqlite3 from 2.7.4 to 2.8.0 by @dependabot[bot] in #343
- Bump rubocop from 1.81.6 to 1.81.7 by @dependabot[bot] in #341
- Bump activerecord from 8.1.0 to 8.1.1 by @dependabot[bot] in #340
Full Changelog: v1.1.5...v1.1.6
v1.1.5
What's Changed
- Bump sinatra and sinatra-contrib by @dependabot[bot] in #327
Full Changelog: v1.1.4...v1.1.5
v1.1.4
What's Changed
- Bump rubocop from 1.80.1 to 1.80.2 by @dependabot[bot] in #307
- Re-enable undercover f. ruby 3.4.2 by @armins in #308
- Bump puma from 6.6.1 to 7.0.1 by @dependabot[bot] in #306
- Updated docs by @whotwagner in #310
- Replace playwright with cuprite by @armins in #309
- Bump puma from 7.0.1 to 7.0.3 by @dependabot[bot] in #312
- Bump rexml from 3.4.1 to 3.4.2 by @dependabot[bot] in #315
- Bump rexml from 3.4.0 to 3.4.2 in /docs by @dependabot[bot] in #314
- Feature/local undercover by @armins in #317
- Bump sqlite3 from 2.7.3 to 2.7.4 by @dependabot[bot] in #318
- Bump undercover from 0.8.0 to 0.8.1 by @dependabot[bot] in #324
- Bump rubocop from 1.80.2 to 1.81.1 by @dependabot[bot] in #323
- Bump activerecord from 8.0.2.1 to 8.0.3 by @dependabot[bot] in #322
- Bump puma from 7.0.3 to 7.0.4 by @dependabot[bot] in #321
- Bump rack from 3.2.0 to 3.2.2 by @dependabot[bot] in #325
Full Changelog: v1.1.3...v1.1.4