- Source map and release uploads via sentry-cli
- Upload chunk isolation and write safety
- Per-project API keys for source map and release uploads (
spk_prefix, SHA-256 hashed) - Source Maps settings page with key generation, setup guide for
sentry-cli - API key auth on all Sentry-compatible upload endpoints (
/api/0/)
- Project "First Seen" no longer changes with the time filter
- "All time" filter now propagates correctly to project detail views
- Browser defaults: configurable default filters (status, level, period) stored as a cookie
- Settings page at
/web/settings/defaults/to manage defaults - List pages redirect to fill in missing filter params from saved defaults
- Event detail page queries run concurrently instead of sequentially
- Event navigation (prev/next/total) consolidated from 3 queries to 1
- Project list replaces correlated subquery with a pre-aggregated JOIN
- Tag facet lookups covered by a new composite index
- CSRF middleware rejects missing cookie before consuming request body
- ORDER BY columns use static pushes instead of format interpolation
- SVG sanitizer no longer re-allocates on each loop iteration
- Partial sentry keys no longer logged on auth failure
- Infallible parse calls use
expectinstead ofunwrap
- SVG text escaping order causing double-encoded ampersands in chart labels
- SVG sanitizer bypasses for unquoted attribute values and long handler names
- Missing master key now blocks startup if encrypted integration secrets exist
- Compression failures no longer corrupt stored events (read path falls back to raw JSON)
- zstd compression no longer blocks the async runtime (
block_in_place) WriteErrornow implementsstd::error::Errorfor proper error chain composition
- Event severity
levelfield is now a typed enum instead of a free-form string - Nav badge counts consolidated from 9 subqueries to a single events table scan
- Filtered events now return
X-Sentry-Discardedheader so operators can detect drops
- RPM build failing due to missing
package.metadata.generate-rpmconfig - GitHub Actions Node.js 20 deprecation warnings (checkout v5, artifact actions v6)
- Added explicit deb packaging metadata
- Logout mechanism with nav bar button
- Security headers on all admin responses (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy)
- Login-specific rate limiting (10/min per IP, separate from general admin limit)
- Periodic eviction of stale notification rate limiter entries
- CSRF cookie no longer set as HttpOnly, allowing JS double-submit injection to work
- Login cookie stores a SHA-256 derivative instead of the raw admin token
- CSRF body size limit now uses configured
max_body_sizeinstead of hardcoded 10MB - Notification rate limiter no longer wastes per-project budget when global limit rejects
- Discard stats flush no longer double-counts on partial DB write failures
- Threshold alert state update failures are now logged instead of silently dropped
- Landing page for the ingest port
- Updated dependencies (
rand,reqwest,zip,toml)
- Initial release
- Sentry-compatible error tracking and event ingestion
- SQLite and PostgreSQL support
- Web dashboard with project management
- Source map processing
- CSRF protection
- Webhook notifications