[1.1.0] - 2026-07-05
Trust-debt and OSS-growth release: security hardening C01–C21, Teams/MFA console improvements, feature-audit coverage, HA v2 CE lab foundation, and trusted cluster multi-site pairing (mTLS, replication rules, federation cluster_id).
Lab disclaimer: HA v2 and trusted clusters are CE lab foundations (compose scripts, separate ports, pairing lab). They are not production multi-AZ HA, not an automatic failover orchestrator, not Patroni-certified clustering, and not a turnkey multi-region product.
Security
- `STORAGE_OUTBOUND_HTTP_ALLOW` removed — outbound HTTP/private targets allowed only when `STORAGE_DEV=true` (non-production). Production integrations must use public HTTPS endpoints.
- `STORAGE_METRICS_TOKEN` — when set, `GET /metrics` requires `Authorization: Bearer <token>`; empty token keeps legacy open mode with startup warning in production.
- Share link tokens — stored as SHA-256 hash only (`token_hash`); plaintext returned once on create. Postgres migration `013_share_token_hash` backfills existing links; Bolt uses hash index with legacy plaintext fallback for pre-upgrade data.
- Pen-test preparation — operator checklist (EN, RU) for external assessments.
- Automated mTLS cluster pairing — join tokens (`dsjoin_*`, 15 min, single-use) stored as hash only; trust via mutual TLS and CA exchange (no manual fingerprint gate).
- Cluster PKI — per-deployment CA and client certs on disk (`STORAGE_CLUSTER_CERT_DIR`); private keys never in Postgres/Bolt.
- Cert lifecycle — 90-day client cert TTL; leader-only rotator renews at ~75 days; revoke updates CRL and stops workers.
- Cluster metadata at rest — field encryption paths for cluster/site-replication secrets (`enc:v1:`).
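The share-link token item above (hash-only storage, plaintext returned once, legacy plaintext fallback), sketched as an added Go example that is not the project's own code. `ShareStore`, `hashToken`, `Create` and `Resolve` are hypothetical names, the maps stand in for the real tables, and re-keying a legacy row on first use is an assumption; the release notes only say a fallback exists.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// ShareStore is a hypothetical in-memory stand-in for the share-link table.
type ShareStore struct {
	byHash map[string]string // token_hash -> share ID
	legacy map[string]string // pre-upgrade rows still keyed by plaintext token
}

// hashToken returns the hex SHA-256 digest persisted in place of the token.
func hashToken(tok string) string {
	sum := sha256.Sum256([]byte(tok))
	return hex.EncodeToString(sum[:])
}

// Create mints a random token, stores only its hash, returns plaintext once.
func (s *ShareStore) Create(shareID string) (string, error) {
	raw := make([]byte, 32)
	if _, err := rand.Read(raw); err != nil {
		return "", err
	}
	tok := hex.EncodeToString(raw)
	s.byHash[hashToken(tok)] = shareID
	return tok, nil
}

// Resolve tries the hash index first, then the legacy plaintext rows.
func (s *ShareStore) Resolve(tok string) (string, bool) {
	h := hashToken(tok)
	if id, ok := s.byHash[h]; ok {
		return id, true
	}
	id, ok := s.legacy[tok]
	if ok { // assumption: re-key a legacy hit by hash so plaintext is dropped
		s.byHash[h] = id
		delete(s.legacy, tok)
	}
	return id, ok
}

func main() {
	s := &ShareStore{byHash: map[string]string{}, legacy: map[string]string{"old-token": "share-0"}}
	fmt.Println(s.Resolve("old-token")) // constructed legacy row
}
```

Because lookups key on the digest, a dump of the store no longer yields usable share links, and the caller who loses the plaintext has to create a new link.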
Added
- Teams (admin API + console) — `GET/POST/PUT/DELETE /api/v1/teams`, member management; Admin → Teams UI (EN). OpenAPI paths in `docs/api/openapi-full.yaml`.
- MFA setup wizard — console profile flow for TOTP enrollment and verification (`e2e/security-mfa.spec.ts` smoke).
- Feature audit — extended to 111 checks; Grafana panel smoke; AUD-15 tenant matrix; AUD-18 trash restore; trusted-cluster pairing and federation `cluster_id` slices.
- Playwright CI regression — 7 specs on PR (`smoke`, `buckets`, `settings`, `files`, `share`, `security-mfa`, `teams`); OIDC Keycloak browser flow moved to nightly e2e-oidc.yml (optional `E2E_OIDC_KEYCLOAK=1`, see docs/testing/oidc-e2e.md).
- API guide examples — Go S3 SDK (`docs/api-guide/en/examples/go/`) and Python Admin JWT list-buckets script; CI compile check.
- Reference-arch backup smoke — `scripts/reference-arch/backup-restore.ps1`; linked from backup-storage use-case (EN/RU).
- Getting started stubs — German (`docs/getting-started/de/`) and French (`docs/getting-started/fr/`).
- GHCR on `main` — `.github/workflows/publish-main.yml` pushes `:main` and `:sha-*` image tags.
- Contributing guide — CONTRIBUTING.md with local stack, Playwright list, OIDC policy, good first issues.
- HA v2 (CE) — erasure object backend (`STORAGE_OBJECT_BACKEND=erasure`), Postgres leader lock (`STORAGE_HA_ENABLED`), site replication Admin API + console; lab scripts under `scripts/ha/`; spec ha-replication-v2-tz.md.
- Trusted clusters — `GET/POST /api/v1/clusters/…` (pairing, revoke, rotate, replication-rules); Console Clusters page; Playwright `trusted-clusters.spec.ts`.
- Trusted-cluster replication — mTLS S3 client to paired peers; `STORAGE_TRUSTED_CLUSTER_REPL_ENABLED` (default `true`); migrations `017`–`019`.
- Federation `cluster_id` — each federation peer scoped to local or trusted remote cluster.
- Parallel multipart uploads — console concurrency 4 for large files.
- Load balancer templates — Caddy multi-cluster LB; Helm `caddy-lb.yaml`.
- Documentation (EN/RU) — trusted clusters ops, admin console guide, updated user guide §8.
Changed
- Helm — `storageServer.config.metricsToken` maps to `STORAGE_METRICS_TOKEN`.
- Prometheus example — bearer scrape config in `deploy/docker/prometheus.yml`.
- Security self-assessment — metrics token and outbound policy notes (EN, RU).
- Site replication worker — rules with `trusted_cluster_id` use mTLS transport.
Migration
See upgrade guide § v1.1.0 (EN/RU). Postgres migrations 013–019 apply on start. Field encryption v2 is not in this release.
Trusted clusters: set STORAGE_CLUSTER_ID and STORAGE_CLUSTER_ENDPOINT (reachable from remote site — on Docker Desktop use host.docker.internal, not 127.0.0.1). Backup {STORAGE_DATA_DIR}/cluster-certs/. See trusted clusters upgrade.
Container images (on tag): ghcr.io/direktorbani/datasafe-storage-server:v1.1.0, ghcr.io/direktorbani/datasafe-console:v1.1.0.
Container images
- ghcr.io/direktorbani/datasafe-storage-server:v1.1.0
- ghcr.io/direktorbani/datasafe-console:v1.1.0
CycloneDX SBOM files and cosign signatures are attached. See SECURITY.md for cosign verify instructions.