-
Notifications
You must be signed in to change notification settings - Fork 11
Release Notes v2.1.0
NeySlim edited this page Feb 18, 2026
·
6 revisions
Release Date: February 2026
Type: Feature Release
Current Pre-release: v2.1.0-rc2
- Consolidated API routes: removed
features/module, all routes underapi/v2/(34 blueprints) - Consolidated models: removed
models/features/, moved tomodels/ - Removed Pro/Community distinction: all features are core
- JWT removal: session cookies + API keys only (reduced attack surface)
- AKI/SKI Chain Matching - Cryptographic chain validation replacing DN-based matching
- Chain Repair Scheduler - Hourly backfill, re-chain, and deduplication task
- Chain Repair Widget - Visual progress on CAs page with manual run
- Smart Import Dedup - Prevent duplicate CAs via SKI matching
- Click any table row to open a draggable, resizable detail window
- Embedded content with action bar: Export (PEM, DER, PKCS#12, chain), Renew, Revoke, Delete
- Window manager in footer: stack/tile, same-window, close-on-navigate
- Deep-link support for certificates, CAs, and trust store items
- Chain validation with visual status (complete/partial/incomplete)
- Export bundle (PEM), expiration alerts widget
- Add certificates from managed CAs (backend + UI)
- Auto-add issuer to trust store from certificate details
- Unified Import, Export, and Bulk Actions under a single sidebar page
- Smart Import with automatic format detection + OPNsense sync
- Export action cards per resource type with PEM and P7B download
- Bulk Actions with resource type chips, inline search, status/CA filters
- 30s countdown before reconnection attempts
- Health endpoint includes WebSocket readiness status (
/api/v2/health) - Automatic redirect to login page after service restart
- Browser cache invalidation on reconnect
- Floating contextual help panel on every page
- Draggable, resizable, with mobile bottom-sheet mode
- Tips, warnings, and related page links
- Dashboard: redesigned header with logo, diversified widget colors, donut chart with gradient/shadow effects
- Dashboard mobile: compact header with watermark logo, no redundancy with navbar
- New logo: shield outline, larger on dashboard, smaller in sidebar
- Themes simplified: 3 themes (Gray, Purple, Sunset)
- Tables: proportional column sizing, actions moved to detail windows
- Status footer bar with window management controls
- Mobile navbar: user dropdown menu with account, settings, language selector, logout
- Mobile nav grid: short i18n labels for compact 5-column layout
- Reconnect overlay with circular countdown ring
- 9 languages: EN, FR, DE, ES, IT, PT, UK, ZH, JA
- 2273+ translation keys per language, 0 missing
- Short mobile labels: 16
*Shortkeys per language for compact navigation - New namespaces:
reconnect.*,table.*,windows.*
- Unified ExportModal with tabbed interface (PEM, DER, PKCS#12, Chain PEM)
- RBAC permission guards on private key access
- Certificate, CA, and Trust Store export from detail windows and floating windows
- Certificate Activity chart with Issued/Expired/Revoked series
- Day selector (7d/15d/30d) with optimized grouped SQL queries
- Status distribution pie chart
- Draggable grid layout with persistent positions
- Scheduled compliance reports with certificate inventory
- Certificate policies with key usage and validity constraints
- Approval workflows for certificate issuance
- Default admin password is randomly generated at install (shown in terminal and
/etc/ucm/ucm.env) - Force password change on first login
- cryptography upgraded to 46.0.5 (CVE-2026-26007)
- RBAC with custom roles and granular permissions (read/write/delete/admin per resource)
- Auto-update DEB postinst fix: updater systemd units
- Backup v2.0 - Complete backup/restore for all database tables
- File Regeneration - Startup service regenerates missing cert/key files from database
-
Human-Readable File Names -
{cn-slug}-{refid}.extinstead of UUID-only - SoftHSM Integration - Automatic SoftHSM2 setup across DEB, RPM, Docker
- Webhooks - Management in Settings for CRUD, test, and event filtering
- ACME Multi-CA - Let's Encrypt, ZeroSSL, Buypass, custom ACME servers
- Template Duplication - Clone endpoint: POST /templates/{id}/duplicate
- Settings About - Version, system info, uptime, memory, links
- Health endpoint consolidated under
/api/v2/health(backward-compatible) - ACME account delete: cascade cleanup (challenges→authorizations→orders)
- FloatingHelpPanel: missing SOFT_MAX_W constant
- Dashboard charts: fixed width/height(-1) errors with absolute positioning
- Dashboard donut: fixed gradient IDs using translated names (SVG invalid refs)
- Dashboard: react-grid-layout v2.2.2 API compatibility
- OPNsense: wrapped password inputs in form element (DOM warning)
- Toast notifications: stack vertically
- Radix Select: filter empty value options
- Truststore delete: returns 200 instead of broken 204
- CRL: returns null data instead of 404 when not yet generated
- UTC timezone handling: API timestamps include 'Z' suffix
- Reports page: fixed infinite loop caused by unstable useCallback deps
- Z-index hierarchy: confirm/prompt dialogs now render above floating windows
- Table refresh: data reloads after floating window actions (revoke/renew/delete)
- Chart labels: readable X-axis with dynamic interval, solid line styles
- Force password change: fixed flag not being set in database_health.py admin creation
- Default admin password is now randomly generated (displayed during install)
- Operations page replaces the old Import/Export page
- Themes reduced from 6 to 3 color schemes
- JWT authentication removed (session cookies + API keys only)
- Existing installations: database migrations run automatically at startup
- The default password change only affects new installations
- All existing user passwords remain unchanged
- Health endpoint available at both
/api/v2/healthand/api/health