Skip to content

v1.8.2

Choose a tag to compare

View all tags
@orangeshyguy21 orangeshyguy21 released this 17 Apr 18:54
· 113 commits to master since this release
v1.8.2
9c6807b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Overview

Hardened Security Headers

  • Production responses now ship a locked-down Content Security Policy with per-request nonces for script-src and style-src, replacing 'unsafe-inline'. A new index-html middleware templates the nonce into the Angular shell before serving.
  • Cross-Origin-Opener-Policy: same-origin and Cross-Origin-Resource-Policy: same-origin are now set, severing window.opener from cross-origin tabs and blocking no-cors embedding of Orchard responses on other origins.
  • connect-src is tightened to 'self', img-src allows remote http/https sources, and base-uri / form-action are pinned to 'self'.
  • Dev continues to emit report-only CSP with 'unsafe-inline' so the Angular dev server keeps working unmodified.

Per-Purpose Crypto Keys

  • Orchard now derives three distinct keys from the root secret — one for init, one for settings encryption, and one for JWT signing — instead of reusing a single key across all three purposes.
  • Encrypted settings are no longer round-tripped through forms; they surface as flagged hints in the new richer settings metadata objects, which also improves form validation and flow.

Important

Existing deployments will derive new keys from the same root secret on first boot. Settings already encrypted with the prior key will be re-encrypted under the new settings key automatically.

GraphQL-WS Subscriptions

  • Subscriptions are rebuilt on the modern graphql-ws client on both ends of the pipe, replacing the legacy rxjs WebSocketSubject + subscriptions-transport-ws handshake. AI chat and Bitcoin streams are rewritten against the new client.subscribe() API.
  • Subscription auth now rides on connectionParams and is validated centrally by GqlAuthenticationGuard, dropping the per-query auth argument and the @NoHeaders() escape hatch.
  • The GraphQL WebSocket URL derives its scheme from window.location.protocol, so HTTPS deployments correctly negotiate wss:// instead of being blocked as mixed content.

Explicit Dev Auth Bypass

  • Dev-only auth bypass is now a named, explicit mode rather than an implicit side-effect, and the client is aware of it so the auth flow pivots accordingly.

Mint Quote TTL & Number Inputs

  • Mint quote TTL values are now treated as seconds throughout, fixing the prior millisecond miscalculation that shortened quote validity. Config language has been updated to describe the control directly — quote TTL governs both bolt11 mint quotes and melt quotes stepping in front of payment.
  • The locale-aware number input directive has been rebuilt; grouping separators, decimal handling, and edit behavior now respect locale instead of leaning on the previous lazy implementation.

Schema Generation Hardening

  • Init lifecycle hooks are guarded so schema-only boot paths skip runtime setup, schema generation now catches and rethrows errors cleanly, and the process exits reliably when generation completes.

Build & Developer Experience

  • Angular framework packages bumped to 21.2.9, Angular Material / CDK / Material-Luxon to 21.2.7, @nestjs/graphql refreshed, and transitive lockfile bumps for hono and protobufjs.
  • npm audit fix applied, and AGENTS.md now documents Orchard's self-hosted FOSS deployment context so future contributors frame fixes, defaults, and error messages around operator-run reality.

Bug Fixes

  • Custom AI tool jobs now refresh the tool GUI when users make changes instead of appearing frozen.
  • Missing chart provider on the index section is now registered, so dashboard charts render on first load.
  • Main mint dashboard container always grows to full width, eliminating the layout snap that occurred at load.

What's Changed

Full Changelog: v1.8.1...v1.8.2

Contributors

orangeshyguy21
Assets 4
Loading