You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Webhook GET/HEAD Support, SSO Improvements, and Multiple Bug Fixes
✨ Features
webhooks: Generic Webhook notification channels now support GET and HEAD HTTP methods, for compatibility with heartbeat/push-monitoring services like Uptime Kuma and Healthchecks.io. Thanks @Shlok-Zanwar (#123)
SSO: Added a new Profile > SSO tab where users can view, disconnect, and manually connect their linked identity provider accounts.
🐛 Bug Fixes
notifications: Fixed webhook and notification deliveries being logged as "Success" even when the adapter failed to send (e.g. DNS errors, timeouts). Thanks @Shlok-Zanwar (#123)
explorer: Fixed Database Explorer UI not updating when navigating with the browser's back/forward buttons. Thanks @Shlok-Zanwar (#126)
SSO: Fixed dashboard-created users failing to link to a matching SSO identity on first login, shown as "Unknown Error". (#128)
SSO: Deleting an identity provider now also removes every user's linked account for it, instead of leaving a permanently stale "Provider no longer available" connection behind.
🔒 Security
dependencies: Updated adm-zip to v0.6.0, fixing a high-severity vulnerability where a crafted ZIP file could trigger a 4GB memory allocation (GHSA-xcpc-8h2w-3j85).
vault: The Dropbox, Google Drive, and OneDrive OAuth token validation endpoints now require the credentials:read permission, closing a gap where any authenticated API key could probe the validity of a stored OAuth credential profile.
🎨 Improvements
SSO: Deleting an identity provider now warns how many users are connected and lists which of them have no other login method and would be locked out entirely.
api-docs: Synced the standalone API reference deployment with the in-app spec, which was missing the entire Credentials/Vault section, and documented 8 previously-undocumented endpoints (version history, database table browsing, dashboard calendar, storage verification, and cloud storage OAuth authorization).
🧪 Tests
SSO: Updated the deleteProvider() unit test to match the transactional delete (provider + linked accounts) introduced alongside the SSO provider deletion warning.