Skip to content

v0.36.0

Latest
Latest

Choose a tag to compare

View all tags
@mattwoberts mattwoberts released this 24 Jun 11:24
· 4 commits to main since this release
v0.36.0
eabad3c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Fider v0.36.0

⚠️ Security

This release includes several security fixes — upgrading is recommended.

  • SSRF hardening — block server-side request forgery via custom OAuth provider Token/Profile URLs.
  • XSS fix — prevent potential malicious script execution in rendered content (plus a DOMPurify update).
  • Invite scoping — invite-token verification is now scoped to the tenant.
  • Pro gating — custom invite copy is restricted to pro tenants.

✨ Features

  • Roadmap — a new public roadmap view (pro-only on the cloud instance)
  • Self-service board deletion — owners on multi-site instances can schedule deletion of their own board, with a grace period, a cancel link, and a confirmation email.
  • Tag administration — improved tag management UI, icons, and styling.
  • Tenant description template — a configurable description template in tenant settings.
  • SMTP implicit TLS (SMTPS) — optional implicit-TLS / port-465 support for outbound email.
  • Longer comments — the comment length limit was raised to 4000 characters (create and edit aligned).

🐛 Fixes & improvements

  • Show images placed at the very beginning of post content.
  • Append attachments supplied via POST /api/v1/posts to the end of the post description.
  • New navigation header: stop notification icons wrapping onto a second row.
  • Content-moderation indicator adjustments.
  • Corrected "Powered by Fider" version-string formatting.
  • Internal fixes: ToModel handling, danger-zone copy escaping.

🔧 Upgrade notes

A standard deploy (run migrations + restart) is all that's required.

  • Database migrations: 2 new migrations are included — run them as usual (make migrate).
  • New optional environment variables (both backward compatible — no action needed unless you want them):
    • EMAIL_SMTP_ENABLE_IMPLICIT_TLS (default false) — enable for SMTPS / port 465.
    • STRIPE_UK_VAT_TAX_RATE_ID — hosted billing only; UK VAT is skipped if unset.
  • No new background services or workers — the board-deletion cleanup runs as an in-process scheduled job.

🧹 Maintenance

  • Dependency and CI/action group updates, lockfile stabilization, and updated translations.

Full changelog: v0.35.0...v0.36.0

New Contributors

Full Changelog: v0.35.0...v0.36.0

Contributors

anderslarssonvbg, hungtcs, and jeffreyvdhondel
Assets 2
Loading