Skip to content

Releases: ill-yes/steam-bee

SteamBee 1.0.3

Choose a tag to compare

@ill-yes ill-yes released this 09 Jul 23:52
Immutable release. Only release title and notes can be modified.
0f01348

Security

  • Enforce 16-byte AES-GCM authentication tags and strict encrypted-payload validation.
  • Make setup-token creation race-free and keep data directories, database files, instance secrets, and setup tokens private by default.
  • Bound correlation IDs, redact credentials from errors and events, disable API response caching, and apply instance-wide admin authentication throttling.
  • Cancel expired QR login polling and reject stale authentication events.
  • Validate proxy trust as an exact hop count or trusted IP/CIDR list; use TRUST_PROXY=1 for one reverse proxy.

Container and supply chain

  • Pin Node.js 22.23.1 by multi-architecture digest and remove npm, Corepack, and Yarn from the runtime image.
  • Run with UID/GID 10001, a read-only root filesystem, all capabilities dropped, and a 256-process limit.
  • Gate releases with dependency audit, Trivy HIGH/CRITICAL scanning, amd64 smoke tests, and SHA-pinned GitHub Actions.
  • Publish linux/amd64 and linux/arm64 images with SBOM, provenance, and GitHub artifact attestations.

Deployment

  • GHCR tags: 1.0.3, 1.0, and latest.
  • The included Compose files are updated for VPS and Unraid deployments, including safer backups and a Community Apps template.
  • Existing clones must rebase or clone again because historical commit metadata and earlier release tags were rewritten to remove a private author email. File contents of the rewritten commits are unchanged.

Verify the image with:

gh attestation verify oci://ghcr.io/ill-yes/steam-bee:1.0.3 --repo ill-yes/steam-bee

SteamBee 1.0.2

Choose a tag to compare

@ill-yes ill-yes released this 09 Jul 22:31

SteamBee 1.0.2 improves the public Docker deployment path without changing the application API or database schema.

Changes

  • Pin the runtime identity to UID/GID 10001:10001 for predictable VPS, NAS, and Unraid bind-mount permissions.
  • Make compose.image.yml directly usable with the pinned ghcr.io/ill-yes/steam-bee:1.0.2 image while preserving STEAM_BEE_IMAGE overrides.
  • Keep local backup archives out of Git and the Docker build context.
  • Make restore operations remove stale visible files and dotfiles before extracting a backup.
  • Put the prebuilt-image quick start first and clarify host-based versus container-based reverse proxy setups.
  • Verify the runtime identity in the CI read-only container smoke test.

Install

git clone https://github.com/ill-yes/steam-bee.git
cd steam-bee
docker compose -f compose.image.yml up -d

Open http://127.0.0.1:3000 by default. See the README for remote access, reverse proxy, Unraid, backup, restore, and update instructions.

Container images

  • ghcr.io/ill-yes/steam-bee:1.0.2 - immutable patch release
  • ghcr.io/ill-yes/steam-bee:1.0 - latest 1.0 patch
  • ghcr.io/ill-yes/steam-bee:latest - latest stable release

All stable tags currently resolve to the same OCI manifest digest and support linux/amd64 and linux/arm64. BuildKit provenance attestations are published alongside both platform images.

SteamBee 1.0.1

Choose a tag to compare

@ill-yes ill-yes released this 09 Jul 22:08

SteamBee 1.0.1 is a release-hardening patch with no application API or database changes.

Changes

  • Updates Vite and Vitest to patched versions, removing all open Dependabot security alerts from the default branch
  • Corrects OCI image metadata to use the SteamBee product name and AGPL-3.0-or-later license identifier
  • Updates prebuilt-image examples to the current stable tag

Install

Use ghcr.io/ill-yes/steam-bee:1.0.1 for repeatable deployments. The 1.0 and latest tags point to the same multi-architecture image for linux/amd64 and linux/arm64.

See the deployment guide for Compose, reverse-proxy, backup, restore, and update instructions.

SteamBee 1.0.0

Choose a tag to compare

@ill-yes ill-yes released this 09 Jul 21:40

SteamBee 1.0.0 is the first public release.

Highlights

  • Self-hosted management UI for boosting playtime on your own Steam accounts
  • Account, game library, preset, schedule, QR login, event, and admin workflows
  • English fallback with lazy-loaded community translations, including RTL support
  • Hardened single-container deployment with SQLite persistence, setup-token protection, readiness checks, and a read-only root filesystem
  • Multi-architecture images for linux/amd64 and linux/arm64, published with OCI metadata, provenance, and an SBOM

Install

Use the prebuilt image with compose.image.yml, or build locally with compose.yml. See the deployment guide for setup, reverse-proxy configuration, updates, backup, and restore instructions.

Image: ghcr.io/ill-yes/steam-bee:1.0.0

Security

A fresh instance requires its one-time setup token before the administrator account can be created. Keep .env, /data, backups, and setup tokens outside version control. Please report vulnerabilities privately through GitHub Security Advisories.