feat: add new options for v4.1.0 (#33)

steveiliop56 · web-flow · commit 89268f24515d · 2025-11-23T14:30:42.000+02:00
* feat: add new options for v4.1.0

* fix: bot suggestions

* feat: add disable ui warnings option

* chore: update changelog
diff --git a/content/docs/breaking-updates/3-to-4.mdx b/content/docs/breaking-updates/3-to-4.mdx
@@ -168,10 +168,10 @@ The following options are deprecated:
 
 Changed options:
 
-| Current                             | New                                 |
-| ----------------------------------- | ----------------------------------- |
-| `COOKIE_SECURE` (`--cookie-secure`) | `SECURE_COOKIE` (`--secure-cookie`) |
-| `LOG_LEVEL` (`--log-level`)         | `LOG_LEVEL` (`--log-level`)         |
+| Current                             | New                                 | Values                                                      |
+| ----------------------------------- | ----------------------------------- | ----------------------------------------------------------- |
+| `COOKIE_SECURE` (`--cookie-secure`) | `SECURE_COOKIE` (`--secure-cookie`) | `true`, `false`                                             |
+| `LOG_LEVEL` (`--log-level`)         | `LOG_LEVEL` (`--log-level`)         | `trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic` |
 
 ## API Changes
 
diff --git a/content/docs/changelog.mdx b/content/docs/changelog.mdx
@@ -3,9 +3,38 @@ title: Changelog
 description: Overview of changes and updates in Tinyauth versions.
 ---
 
+## v4.1.0
+
+### New Features
+
+- Light mode
+- Support for listening on UNIX sockets
+- Log new sessions in `TRACE`
+- Support for logging in JSON
+- Add option to disable UI warnings
+
+### Improvements
+
+- Generate OAuth verifier on every login attempt
+- Add routine to cleanup expired sessions
+- Log unsafe redirect URI in OAuth controller
+
+### Fixes
+
+- Ensure OAuth providers have the `PROVIDERS_` prefix
+- Allow for all sub-domains to be considered safe for redirects
+
+### Technical
+
+- Use Gorm generics for all database actions
+- Attempt to clean-up the decoders logic
+- Make air development workflow faster by not installing delve on every reload
+- Bump dependencies
+- Update translations
+
 ## v4.0.1
 
-<Callout>
+<Callout type="warning">
   This release contains a security fix regarding label discovery, please update
   as soon as possible.
 </Callout>
diff --git a/content/docs/reference/configuration.mdx b/content/docs/reference/configuration.mdx
@@ -22,7 +22,9 @@ Tinyauth can be configured using environment variables or CLI flags. The table b
 | `DATABASE_PATH`           | `--database-path`           | Path to the SQLite database file.                                                                | `/data/tinyauth.db` | no       |
 | `DISABLE_ANALYTICS`       | `--disable-analytics`       | Disable anonymous version collection.                                                            | `false`             | no       |
 | `DISABLE_RESOURCES`       | `--disable-resources`       | Disable the resources server.                                                                    | `false`             | no       |
+| `DISABLE_UI_WARNINGS`     | `--disable-ui-warnings`     | Disable UI warnings about insecure configurations.                                               | `false`             | no       |
 | `FORGOT_PASSWORD_MESSAGE` | `--forgot-password-message` | Message to show on the forgot password page.                                                     | ``                  | no       |
+| `LOG_JSON`                | `--log-json`                | Enable JSON formatted logs.                                                                      | `false`             | no       |
 | `LOG_LEVEL`               | `--log-level`               | Log level (`trace`, `debug`, `info`, `warn`, `error`, `fatal`, `panic`).                         | `info`              | no       |
 | `LOGIN_MAX_RETRIES`       | `--login-max-retries`       | Maximum login attempts before timeout (0 to disable).                                            | `5`                 | no       |
 | `LOGIN_TIMEOUT`           | `--login-timeout`           | Login timeout in seconds after max retries reached (0 to disable).                               | `300`               | no       |
@@ -32,6 +34,7 @@ Tinyauth can be configured using environment variables or CLI flags. The table b
 | `RESOURCES_DIR`           | `--resources-dir`           | Path to a directory containing custom resources (e.g., background image).                        | `/data/resources`   | no       |
 | `SECURE_COOKIE`           | `--secure-cookie`           | Send cookie over secure connection only.                                                         | `false`             | no       |
 | `SESSION_EXPIRY`          | `--session-expiry`          | Session (cookie) expiration time in seconds.                                                     | `86400`             | no       |
+| `SOCKET_PATH`             | `--socket-path`             | Path to the Unix socket to bind the server to.                                                   | ``                  | no       |
 | `TRUSTED_PROXIES`         | `--trusted-proxies`         | Comma-separated list of trusted proxies (IP addresses or CIDRs) for correct client IP detection. | ``                  | no       |
 | `USERS`                   | `--users`                   | Comma-separated list of users in the format `username:hash`.                                     | ``                  | yes      |
 | `USERS_FILE`              | `--users-file`              | Path to a file containing users in the format `username:hash`.                                   | ``                  | no       |
diff --git a/content/docs/reference/headers.mdx b/content/docs/reference/headers.mdx
@@ -28,6 +28,11 @@ The `Remote-Name` header contains the full name of the currently logged-in user.
 
 The `Remote-Groups` header contains the groups of the currently logged-in user, retrieved from the `groups` claim in the OIDC server. These can be used to allow access to specific user groups configured by the OIDC server. More details are available in the [OIDC access controls](/docs/guides/access-controls.md#access-controls-using-oidc-groups) guide.
 
+<Callout type="warning">
+  Remote groups are only available for OIDC providers that support the `groups`
+  claim. LDAP groups are **not** supported.
+</Callout>
+
 ### Custom headers
 
 Custom headers can be set using the `tinyauth.headers` label on any container that uses the Tinyauth middleware. For example:
