Releases: systemli/userli
6.7.0
Features and Improvements
- 💬 Use gender-inclusive language in German translations (#1245)
- 💄 Align domain show page layout with user show page (#1244)
- ✨ Add domain filter to all admin entity lists (#1243)
- ✨ Add admin user show page with detail view and delete action (#1238)
Technical Changes
- ⬆️ (deps-dev): Bump the npm-dependencies group with 5 updates (#1242)
- ⬆️ (deps): Bump the github-actions group with 3 updates (#1241)
- ⬆️ Update composer dependencies (#1240)
Bug Fixes
6.6.1
- Fix 6.6.0 release (release immutability issue from GitHub)
Features and Improvements
- ✨ Restructure welcome page with security, OpenPGP, and invitation sections (#1235)
- ✨ Improve domain invitation settings UI and naming consistency (#1224)
- ✨ Show notice when invitations are disabled on voucher admin page (#1222)
- ✨ Allow domain admins to view and edit their own domain settings (#1221)
- ✨ Grant DOMAIN_ADMIN access to vouchers in admin panel (#1220)
- ✨ Add per-domain invitation settings, replace REGISTRATION_OPEN (#1218)
- 🚸 Make password change implications more explicit (#1211)
Technical Changes
- ♻️ Refactor safe_html to use Symfony HTML Sanitizer config (#1233)
- ♻️ Extract Domain invitation settings into Doctrine Embeddable (#1230)
- 🌐 Generalize closed registration translations (#1219)
- 🔨 Add make setup and make dev targets for easier onboarding (#1216)
- ♻️ Remove PasswordStrengthHandler and umlaut password restriction (#1207)
- ⬆️ Update composer dependencies (#1226, #1213, #1208)
- ⬆️ Update npm dependencies (#1228, #1215, #1209)
- ⬆️ Update GitHub Actions dependencies (#1227, #1214, #1210)
- ⬆️ (deps): Bump vite from 8.0.3 to 8.0.5 (#1229)
- ⬆️ (deps): Bump serialize-javascript from 7.0.4 to 7.0.5 (#1212)
- ⬆️ (deps): Bump lodash from 4.17.23 to 4.18.1 (#1217)
Bug Fixes
6.5.0
Features and Improvements
- 🗃️ Wrap registration flow in database transaction (#1201)
- 🐳 Switch to Alpine + Caddy, separate Node/PHP build stages (#1192)
- ✨ Scope dashboard statistics for domain admins (#1181)
- ✨ Link OpenPGP keys dashboard tile and enable domain admin access (#1170)
- ✨ Restructure admin area for multi-role access with dashboard (#1169)
- ✨ Add OpenPGP keys settings page (#1167)
- 🔥 Remove Sonata Admin Bundle and rename settings to admin (#1166)
- ✨ Add native User Admin under /settings/users/ (#1165)
- ✨ Allow OpenPgpKey uploads to WKD for aliases (#1117)
Security
- 🔒 Invalidate session on logout (#1200)
- 🔒 Switch CI from pull_request_target to pull_request (#1189)
- 🔒️ Add missing password validation constraints to RecoveryResetPassword (#1184)
- 🔒 Extend DomainVoter for aliases and harden AliasController for domain admins (#1179)
- 🔒 Fix serialize-javascript vulnerability (Dependabot #79) (#1177)
- 🔒 Add domain authorization for user creation (#1176)
- 🔒 Prevent domain admin privilege escalation to full admin (#1173)
Technical Changes
- 🐳 Move Dovecot/Roundcube to mail profile and fix rootless Podman (#1198)
- 🔇 Suppress Psalm InvalidAttribute false positives (#1196)
- ♻️ Use Symfony's HTML Sanitizer for safe_html twig filter (#1186)
- ⏪ Revert serialize-javascript vulnerability fix (#1177) (#1182)
- 🧪 Add comprehensive domain admin access control Behat tests (#1180)
- 📝 Add hierarchical AGENTS.md knowledge base (#1174)
- ♻️ Refactor GpgKeyImporter into GpgKeyParser, introduce GpgKeyResult DTO, and remove dead code (#1172)
- ♻️ Replace standalone delete pages with password-confirmation modal dialogs (#1164)
- ♻️ Generalize confirm modal and replace inline JS with Stimulus controller (#1163)
- ♻️ Remove redundant max-width constraints from page templates (#1162)
- ♻️ Replace window.confirm() with accessible modal dialogs for delete confirmations (#1161)
- ✅ Add JavaScript testing support to Behat via Symfony Panther (#1160)
- ✅ Add unit tests for all remaining Stimulus controllers (#1158)
- 💚 Fix SonarCloud PR decoration with pull_request_target (#1157)
- ✅ Add Vitest unit tests for Stimulus controllers and sanitize utility (#1156)
- 🎨 Widen page layout to max-w-7xl and remove redundant width wrappers (#1151)
- ⬆️ Update composer dependencies (#1193, #1153)
- ⬆️ Update npm dependencies (#1197, #1178, #1175, #1154)
- ⬆️ Update GitHub Actions dependencies (#1195, #1155)
Bug Fixes
6.4.1
Technical Changes
- 💚 Scope Docker build concurrency group to git ref (#1147)
- ♻️ Replace inline onchange handlers with Stimulus navigate controller (#1146)
- 💚 Fix CI workflows for external (fork) contributions (#1145)
- ♻️ Merge Builder/ + Sender/ into Mail/ mailer classes (#1144)
- ♻️ Simplify locale parameters in services.yaml (#1143)
- ⬆️ (deps-dev): Bump dompurify from 3.3.1 to 3.3.2 (#1118)
6.4.0
Features and Improvements
- 💄 Improve responsive table layout in settings pages (#1124)
- 💄 Redesign settings navigation for responsiveness and scalability (#1120)
Security
- 🔒 Add CSP nonces to inline dark mode scripts (#1142)
- 🔒 Enable cryptographic signing for all Messenger handlers (#1134)
- 🔒 Add missing CSRF validation and fix null-safety in settings controllers (#1132)
Technical Changes
- 🔧 Remove redundant kernel.event_subscriber tag from services.yaml (#1141)
- ♻️ Replace fluent setters with void setters in OpenPgpKey form model (#1140)
- ♻️ Use Command::SUCCESS/FAILURE constants instead of literal integers (#1139)
- ♻️ Add missing readonly keywords to stateless classes (#1137)
- 🔥 Remove incorrect copy-paste docblocks from MailCryptKeyHandler (#1136)
- ✅ Fix all PHPUnit deprecations and notices in test suite (#1133)
- ♻️ Replace Sonata Alias admin with native settings view (#1125)
- ♻️ Organize controllers into Account, Settings, and Api subdirectories (#1123)
- ♻️ Replace Sonata Voucher admin with native settings view (#1122)
- ♻️ Replace Sonata UserNotification admin with native settings view (#1121)
- ♻️ Replace MAIL_CRYPT env variable with database-backed setting (#1119)
- ♻️ Unify password confirmation forms and add password-confirmed domain deletion (#1116)
- ⬆️ (deps): Bump svgo from 3.3.2 to 3.3.3 (#1115)
- ⬆️ Update composer dependencies (#1112)
Bug Fixes
6.3.0
Features and Improvements
- ✨ Add domain filter for webhook endpoints (#1078)
- ✨ Add MTA-STS (RFC 8461) support (#1077)
- ✨ Add domain deletion with CASCADE constraints and async event handling (#1075)
- ✨ Native domain management and unified Settings UI (#1057)
- ✨ Add domain field to Voucher entity (#1056)
Security
- 🔒 Pin GitHub Actions to commit SHAs for supply chain security (#1099)
Technical Changes
- 👷 Improve Dependabot and CI configuration (#1111, #1107, #1105, #1100, #1095, #1092)
- 📌 Pin Symfony packages to ^7.4 to prevent unintended Symfony 8 upgrades (#1103)
- 📝 Consolidate and update development documentation (#1076)
- ♻️ Fix Makefile (#1074)
- ♻️ Improve docker dovecot setup and mailcrypt integration (#1073)
- ♻️ Refactor EmailAddress validator (#1071)
- ♻️ AliasAdmin: Relax EmailAddress() constraint (#1070)
- ♻️ Serve WKD keys directly from database instead of filesystem (#1067)
- 🗃️ Rename database tables to remove virtual_ prefix (#1062)
- ⬆️ Update dependencies (#1110, #1108, #1094, #1068)
Bug Fixes
6.2.0
Features and Improvements
- 🔥 Remove unused environment variable (#1059)
- ✨ Add real-time password strength meter (#1044)
- ✨ Introduce configurable sending quotas (#955)
Technical Changes
- ♻️ Migrate WEBMAIL_URL from env var to application setting (#1058)
- ♻️ Group all authenticated routes under /account/ (#1055)
- ♻️ Migrate JavaScript to TypeScript (#1054)
- ♻️ Final cleanup: extract sanitize module, add confirm controller, fix CSRF (#1053)
- ♻️ Replace password strength inline JS with Stimulus controller (#1052)
- ♻️ Replace flash notification inline JS with Stimulus controller (#1051)
- ♻️ Replace tooltip inline JS with Stimulus controller (#1050)
- ♻️ Replace clipboard JS with @stimulus-components/clipboard (#1049)
- ♻️ Replace dark mode inline JS with Stimulus controller (#1048)
- ♻️ Replace inline dropdown JS with Stimulus controller (#1047)
- ♻️ Activate Stimulus bridge and remove dead frontend code (#1046)
- ♻️ Refactor registration into two-step flow with voucher check on start page (#1043)
- 🌐 Remove %domain% variable from translations (#1042)
- ♻️ Replace domain with app_name setting in browser page titles (#1041)
- 📝 Merge copilot-instructions.md into AGENTS.md and update guidelines (#1040)
- ♻️ Replace ReportWeeklyCommand with Scheduler and configurable setting (#1039)
- ♻️ Refactor UserChangedListener to async ReportSuspiciousChildren pattern (#1038)
- ♻️ Migrate ReservedName management from SonataAdmin to native Settings UI (#1037)
- ♻️ Centralize cache key management and increase TTL to 24h (#1036)
Bug Fixes
- 🐛 Fix optional settings not being saved (#1060)
6.1.0
Features and Improvements
- 🚸 Improve Error Handling in Dovecot Lua Adapter (#1034)
- ✨ Add configurable Redis cache support via REDIS_URL (#1033)
- ⚡ Add caching for Dovecot userdb lookup API (#1027)
- ⚡ Use lightweight queries and repository methods for Postfix lookups (#1014)
- ⚡ Add application-level caching for Postfix API endpoints (#1013)
- ⚡ Throttle API token lastUsedTime updates to every 5 minutes (#1012)
Technical Changes
- ✅ Add unit tests for 16 previously uncovered classes (#1029)
- 👷 Add Rector CI workflow that comments on PRs with diffs (#1025)
- ♻️ Modernize codebase for PHP 8.4 (#1024)
- ♻️ Extract business logic from RecoveryController into RecoveryHandler (#1023)
- ♻️ Modernize Event classes: use readonly constructor params, remove traits and setters (#1022)
- ⬆️ Upgrade PHPUnit from 9.x to 12.x and modernize test suite (#1021)
- ⬆️ Upgrade scheb/2fa-* from v7 to v8 (#1019)
- ⬆️ Upgrade Doctrine bundles to latest major versions (#1018)
- ⬆️ Upgrade Doctrine ORM from 2.x to 3.x (#1017)
- ♻️ Clean up entity constructors: remove redundant defaults and fix OpenPgpKeys init (#1016)
- ♻️ Migrate all entities from DateTime to DateTimeImmutable (#1015)
Bug Fixes
6.0.0
- BREAKING CHANGE: This release needs at least PHP 8.4
- BREAKING CHANGE: The Lua script for Dovecot needs at least Dovecot 2.4
Features and Improvements
- ✨ Add webhook event for user.reset (#1010)
- ✨ Allow admins to reset user passwords in UserAdmin (#1007)
Technical Changes
- ✨ Auto-update updatedTime via Doctrine listener and UpdatedTimeInterface (#1009)
- ♻️ Encapsulate form model properties with getters/setters (#1006)
- ♻️ Centralize validation in form models and admin classes (#1002)
- ⬆️ Update to Debian Trixie and PHP 8.4 (#988)
- ♻️ Extract UserResetService from Command (#1004)
- ✅ Convert Controller functional tests to Behat features (#1005)
- ♻️ Remove code duplication in user commands (#1003)
- ♻️ Extract TOTP Backup Code Generation from Trait (#997)
- 🗃️ Migrate 2FA Backup Codes from array to json (#996)
5.5.0
With this release, Userli relies on Doctrine Migrations to handle database schema changes.
Features and Improvements
- 🗃️ Add missing migration for webhook_deliveries indexes (#992)
- 🗃️ Add Migration to add notes column (#991)
- 🗃️ Migrate User roles from array to json (#979)
- ✨ Add optional note to random alias (#872)
- 🚸 Improve UX for deleting custom aliases (#873)
- ✨ Add Filter for Event in Webhook Deliveries (#987)
Bug Fixes
- 🐛 Fix the initial migration when the database is empty (#989)