Skip to content

v1.8.1

Choose a tag to compare

@prih prih released this 26 Mar 13:21
· 132 commits to main since this release

March 2026

Fixes

  • ACL enforcement on project/workspace listingGET /api/projects now hides projects where the user has no read access to any graph; previously all projects were returned to all users
  • ACL enforcement on stats endpointsGET /api/projects/:id/stats returns null for graphs the user cannot read; GET /api/projects stats zeroed for denied graphs
  • Workspace listing filtered by accessGET /api/workspaces only returns workspaces (and projects within) that the user can access
  • Concurrent token refresh deduplication — multiple parallel 401 responses now share a single refresh request instead of firing one per failed call
  • UI respects graph access — navigation sidebar, dashboard stat cards, and Recent Notes/Tasks sections hidden for denied graphs