v1.6.0

What's Changed

• feat(email): SMTP-fallback transactional outbox + informational health probes by @asm0dey in #34

Full Changelog: v1.5.0...v1.6.0

v1.5.0

What's Changed

• fix(security): trust proxy X-Forwarded-* so login cookie is Secure in prod by @asm0dey in #31
• feat(meeting-types): create form min notice defaults to 4× duration by @asm0dey in #32
• feat(auth): forgot-password flow with emailed reset link by @asm0dey in #33

Full Changelog: v1.4.0...v1.5.0

v1.4.0

⚠️ BREAKING — set TOKEN_ENCRYPTION_KEY before upgrading

v1.4.0 encrypts Google OAuth tokens at rest and adds a new required production secret, TOKEN_ENCRYPTION_KEY. A %prod deployment fails to boot until it is set (fail-closed by design).

Upgrade steps (from v1.3.x):

1. Generate a permanent key: openssl rand -hex 32 (64 hex chars).
2. Set TOKEN_ENCRYPTION_KEY to that value on every replica (same value everywhere, like SESSION_ENCRYPTION_KEY).
3. Deploy. On first boot, existing plaintext tokens are encrypted in place — no user has to reconnect their calendar.

Do not rotate this key — changing it strands all encrypted tokens and disconnects every calendar.

Also in this release: Google OAuth redirect URIs now derive from APP_BASE_URL automatically (fixes redirect_uri_mismatch when the redirect env vars were unset). Ensure ${APP_BASE_URL}/api/google/callback and ${APP_BASE_URL}/api/google/login/callback are registered in your Google OAuth client.

---

What's Changed

• Security audit remediation (2026-06-12 audit) by @asm0dey in #26
• chore(deps): update github/codeql-action action to v4 by @renovate[bot] in #29
• chore(deps): pin dependencies by @renovate[bot] in #28
• build(deps): bump github/codeql-action from 3 to 4 by @dependabot[bot] in #27
• fix(google): derive OAuth redirect URIs from APP_BASE_URL by @asm0dey in #30

New Contributors

• @dependabot[bot] made their first contribution in #27

Full Changelog: v1.3.1...v1.4.0

v1.3.1

Full Changelog: v1.3.0...v1.3.1

v1.3.0

What's Changed

• feat(auth): Sign in with Google by @asm0dey in #25

Full Changelog: v1.2.0...v1.3.0

v1.2.0

What's Changed

• Workplan grid remake: seven-day schedule editor + brand favicon by @asm0dey in #24

Full Changelog: v1.1.0...v1.2.0

v1.1.0

What's Changed

• Multi-account Google Calendar support + fix all-slots-free bug by @asm0dey in #22
• release: 1.1.0 — multi-account Google Calendar by @asm0dey in #23

Full Changelog: v1.0.1...v1.1.0

v1.0.1

What's Changed

• docs: refresh README + AGPL-3.0 license; fix(compose): pg18 volume + stale env by @asm0dey in #20
• release: 1.0.1 (pg18 volume fix, trademark, version bump) by @asm0dey in #21

Full Changelog: v1.0.0...v1.0.1

v1.0.0

What's Changed

• chore: Configure Renovate by @renovate[bot] in #1
• ci: GitHub Actions build/test/publish/release pipeline by @asm0dey in #2
• chore(deps): update dependency maven to v3.9.16 by @renovate[bot] in #3
• chore(deps): update surefire-plugin.version to v3.5.6 by @renovate[bot] in #4
• fix(deps): update quarkus.platform.version to v3.36.2 by @renovate[bot] in #7
• deps: batch Renovate updates (Maven libs + CI actions) by @asm0dey in #19

New Contributors

• @renovate[bot] made their first contribution in #1
• @asm0dey made their first contribution in #2

Full Changelog: https://github.com/asm0dey/calit/commits/v1.0.0