Releases: chicohaager/TravelMind
v1.2.2 - Security Fixes
Security Fixes
Critical
- IDOR Vulnerabilities - Fixed in diary and budget routes
  - Added shared access_control.py utility
  - Now checks trip owner OR accepted participant
- Path Traversal - Fixed in photo deletion
  - Validates filename and resolves path within upload directory
- CSRF Middleware Bug - Fixed undefined variable
High Priority
- Password Reset Token Reuse - Tokens now invalidated after use
  - New password_changed_at field tracks when password was changed
  - Tokens issued before password change are rejected
Rate Limiting
- Photo upload: 60/min → 15/min (prevents storage DoS)
- Audio transcription: New 10/hour limit (prevents API cost abuse)
Files Changed
- backend/middleware/security.py
- backend/models/user.py
- backend/routes/budget.py
- backend/routes/diary.py
- backend/routes/password_reset.py
- backend/utils/access_control.py (new)
- backend/utils/rate_limits.py
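The password reset fix in v1.2.2 above (tokens issued before a password change are rejected) can be sketched as follows. This is an added example, not code from the TravelMind repository: the User class, the function names, the 30-minute lifetime and the HMAC-signed token format are assumptions standing in for the project's JWT-based flow, and all timestamps are assumed to be timezone-aware UTC.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

SECRET = b"constructed-demo-secret"  # placeholder key, constructed for this example
TOKEN_TTL = timedelta(minutes=30)    # assumed lifetime, not stated in the release notes

@dataclass
class User:  # hypothetical stand-in for the real user model
    email: str
    password_hash: str
    password_changed_at: Optional[datetime] = None

def _sign(body: bytes) -> bytes:
    return hmac.new(SECRET, body, hashlib.sha256).hexdigest().encode()

def issue_reset_token(user: User, now: datetime) -> str:
    body = json.dumps({"sub": user.email, "iat": now.timestamp()}).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).decode()

def verify_reset_token(token: str, user: User, now: datetime) -> bool:
    try:
        b64, sig = token.split(".")
        body = base64.urlsafe_b64decode(b64)
        # Check the MAC before trusting anything inside the payload.
        if not hmac.compare_digest(sig.encode(), _sign(body)):
            return False
        claims = json.loads(body)
        issued = datetime.fromtimestamp(claims["iat"], tz=timezone.utc)
        subject = claims["sub"]
    except (ValueError, KeyError, TypeError, OverflowError, OSError):
        return False
    if subject != user.email or not (timedelta(0) <= now - issued <= TOKEN_TTL):
        return False
    # A token issued at or before the last password change is stale: it was
    # either already used or predates a change made through another route.
    changed = user.password_changed_at
    return changed is None or issued > changed

def reset_password(token: str, user: User, new_hash: str, now: datetime) -> bool:
    if not verify_reset_token(token, user, now):
        return False
    user.password_hash = new_hash
    user.password_changed_at = now  # invalidates every token issued up to now
    return True
```

Because the comparison is against a timestamp on the user record, one successful reset also invalidates any other reset tokens still outstanding for that account, without a server-side token store.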
v1.2.1 - bcrypt fix
Fixes
- Fix bcrypt version compatibility with passlib (4.1.2 → 4.0.1)
- Fix hardcoded German text in TripDetail - now uses i18n translations
- Add missing translation keys for: description, period, destination, travelDiary, statistics, visited, diaryEntries, photos, interactiveMapAndRoutes
Languages
All 4 languages updated: English, German, French, Spanish
v1.2.0 - Security & Bug Fixes
Security Fixes (HIGH severity)
- Fix missing authentication in diary photo deletion
- Fix export endpoints auth bypass in diary routes
- Add trip ownership verification to all timeline endpoints
- Fix timezone issues with datetime.now(timezone.utc)
Frontend Bug Fixes
- Fix React rules violation (setState during render) in TimelineView
- Fix Blob URL memory leak in DiaryModal
- Fix DOM manipulation error handling in TripDetail export
- Replace hardcoded German text with translation keys
Database Migration
- Remove SQLite support - PostgreSQL only
- Simplify database.py for single database engine
Translation Improvements
- Add missing keys across all 4 languages (en, de, es, fr)
- Complete ES and FR translations
New Feature
- Add ShareButton component
Docker Images
docker pull chicohaager/travelmind-backend:latest
docker pull chicohaager/travelmind-frontend:latest
v1.1.0 - Multi-language Support
What's New
Multi-Language Support
- 4 Languages: English, German, French, Spanish
- Automatic browser language detection
- Easy language switching in the app
- Namespace-based i18n architecture (25 namespaces per language)
New Features
- Lightbox: Full-screen image viewing in diary entries with keyboard navigation
- Expandable Diary Entries: "Read more" functionality for long entries
- IndexedDB Fallback: Graceful offline support
- Request ID Middleware: Better request tracing
- Health Check Endpoint: Detailed system monitoring
- GDPR Data Export: Compliant user data export
- Password Reset Flow: JWT-based email verification
- Database Backups: Automated backup scripts
Improvements
- Production Docker optimization with multi-stage builds
- Enhanced rate limiting configuration
- Improved OpenAPI documentation
Bug Fixes
- Fixed Settings page "t is not defined" error
- Fixed Diary "Weiterlesen" button not working
- Fixed IndexedDB availability check
Security
- Audit logging for sensitive operations
- Improved rate limiting per endpoint
Docker Images
docker pull chicohaager/travelmind-frontend:1.1.0
docker pull chicohaager/travelmind-backend:1.1.0
Quick Start
curl -O https://raw.githubusercontent.com/chicohaager/TravelMind/main/docker-compose.hub.yml
docker-compose -f docker-compose.hub.yml up -d