|
1 | 1 | # Changelog |
2 | 2 |
|
| 3 | +## Changes 03/14/2026 (v3.9.0) |
| 4 | + |
| 5 | +`release(v3.9.0): persistent-token key lifecycle updates and admin rotation workflow` |
| 6 | + |
| 7 | +**Commit message** |
| 8 | + |
| 9 | +```text |
| 10 | +release(v3.9.0): persistent-token key lifecycle updates and admin rotation workflow |
| 11 | +
|
| 12 | +- docker(startup): remove baked persistent-token key defaults and auto-generate a unique key for pristine installs |
| 13 | +- admin(ui): warn when the instance is still using a legacy or placeholder persistent-token key and expose guided rotation for compatible installs |
| 14 | +- admin(crypto): add persistent-token key rotation that re-encrypts stored secrets and expires remember-me sessions |
| 15 | +- docs(docker): refresh docker run / compose guidance so metadata-backed generated keys are documented as the default path |
| 16 | +``` |
| 17 | + |
| 18 | +**Added** |
| 19 | + |
| 20 | +- **Admin rotation workflow for persistent-token keys** |
| 21 | + - Added an admin-only rotation action that generates a new persistent-token key, re-encrypts stored secret-bearing data, writes `metadata/persistent_tokens.key`, and intentionally expires remember-me sessions. |
| 22 | + - Added an admin warning card with rotation guidance for instances still using a legacy or placeholder persistent-token key. |
| 23 | + |
| 24 | +**Changed** |
| 25 | + |
| 26 | +- **Docker startup behavior** |
| 27 | + - Pristine Docker installs now auto-generate and persist a unique persistent-token key in `metadata/persistent_tokens.key`. |
| 28 | + - Existing installs without an explicit key continue on the legacy compatibility path until the operator rotates them. |
| 29 | +- **Docker examples and env reference** |
| 30 | + - Updated `docker run`, compose, and env-reference guidance so `PERSISTENT_TOKENS_KEY` is optional by default and no published placeholder value is documented. |
| 31 | + |
| 32 | +**Fixed** |
| 33 | + |
| 34 | +- **Persistent-token key lifecycle** |
| 35 | + - Existing installs can now move off the legacy compatibility key without losing admin config, user-permissions, stored TOTP secrets, or source credentials. |
| 36 | + - Remember-me sessions are explicitly expired during rotation instead of being left in a mixed-key state. |
| 37 | + |
| 38 | +**Security** |
| 39 | + |
| 40 | +- **Install defaults** |
| 41 | + - The runtime image no longer ships a baked-in persistent-token key default. |
| 42 | + - New Docker installs now start with instance-unique key material by default as long as `metadata/` is persistent. |
| 43 | + |
| 44 | +--- |
| 45 | + |
3 | 46 | ## Changes 03/12/2026 (v3.8.0) |
4 | 47 |
|
5 | 48 | `release(v3.8.0): share-link admin guards and centralized safe-upload policy` |
|
0 commit comments