v1.8.2

@prih prih released this 26 Mar 20:09
· 128 commits to main since this release

March 2026

Fixes

  • Session expiry — 403 instead of 401 — access cookie maxAge now matches refresh token TTL so the browser delivers expired JWT cookies to the server; auth middleware returns 401 (triggering client-side refresh) instead of falling through to anonymous 403
  • Client-side session refresh — checkAuthStatus(), file uploads, attachment images/downloads, and WebSocket reconnect all handle 401→refresh→retry; previously only request() wrapper did
  • WebSocket reconnect on server restart — WS reconnect now distinguishes network errors (server down → exponential backoff retry) from auth rejection (→ redirect to login); previously any failure kicked to login
  • CLI password input visibility — users add command no longer echoes password to terminal
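
The "Session expiry" fix above, modeled as an added example (not code from this project): it shows why the cookie lifetime decides whether the server answers 401 or 403 once the JWT has expired. All function names and TTL values are hypothetical, the pre-fix cookie maxAge is assumed to have equaled the access-token lifetime, and JWT signature verification is left out.

```javascript
// Added example: cookie lifetime vs. JWT expiry and the resulting status code.
// All names and TTL values below are assumptions, not taken from the project.
const ACCESS_TTL_S = 15 * 60;            // assumed access-token (JWT) lifetime
const REFRESH_TTL_S = 7 * 24 * 60 * 60;  // assumed refresh-token lifetime

// Server: issue the access cookie. The token's own `exp` is always ACCESS_TTL_S
// away; only the cookie's maxAge differs between the old and fixed behaviour.
function issueAccessCookie(nowS, cookieMaxAgeS) {
  return {
    value: { sub: 'user-1', exp: nowS + ACCESS_TTL_S }, // stands in for a signed JWT
    cookieExpiresS: nowS + cookieMaxAgeS,
  };
}

// Browser: a cookie past its maxAge is dropped silently and never sent.
function browserSends(cookie, nowS) {
  return nowS < cookie.cookieExpiresS ? cookie.value : undefined;
}

// Server auth middleware for a protected route. Signature verification is
// omitted; a real server verifies the JWT before trusting `exp`.
function authStatus(token, nowS) {
  if (token === undefined) return 403;  // no credential: anonymous, forbidden
  if (nowS >= token.exp) return 401;    // expired credential: client should refresh
  return 200;
}

// Client: only a 401 starts the refresh-and-retry path.
function clientOutcome(status) {
  if (status === 401) return 'refresh-and-retry';
  return status === 200 ? 'ok' : 'stuck-forbidden';
}

// Issue a cookie at t=0, then make a request `elapsedS` seconds later.
function simulate(cookieMaxAgeS, elapsedS) {
  const cookie = issueAccessCookie(0, cookieMaxAgeS);
  const status = authStatus(browserSends(cookie, elapsedS), elapsedS);
  return { status, outcome: clientOutcome(status) };
}

const afterExpiry = ACCESS_TTL_S + 60;  // one minute after the JWT expired
console.log('old  :', simulate(ACCESS_TTL_S, afterExpiry));   // cookie maxAge == JWT TTL
console.log('fixed:', simulate(REFRESH_TTL_S, afterExpiry));  // cookie maxAge == refresh TTL
```

Once the refresh-token lifetime itself has passed, the cookie is gone and the request is anonymous again, which is the correct point for a 403 or a login redirect.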